Lucene search
+L

188 matches found

osv
osv
added 2025/08/19 5:3 p.m.10 views

CVE-2025-38588 ipv6: prevent infinite loop in rt6_nlmsg_size()

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6nlmsgsize While testing prior patch, I was able to trigger an infinite loop in rt6nlmsgsize in the following place: listforeachentryrcusibling, &f6i-fib6siblings, fib6siblings...

5.5CVSS6AI score0.00147EPSS
Exploits0References10
osv
osv
added 2025/08/19 5:3 p.m.4 views

CVE-2025-38587 ipv6: fix possible infinite loop in fib6_info_uses_dev()

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6infousesdev fib6infousesdev seems to rely on RCU without an explicit protection. Like the prior fix in rt6nlmsgsize, we need to make sure fib6delroute or fib6addrt2node have not removed the...

5.5CVSS6AI score0.00147EPSS
Exploits0References10
nessus
nessus
added 2025/08/12 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2021-47546

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6rulesuppress The kernel leaks memory when a fib rule is present...

5.5CVSS6.1AI score0.00222EPSS
Exploits0References2
nessus
nessus
added 2025/08/08 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-52996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv4: prevent potential spectre v1 gadget in fibmetricsmatch if !type continue; if type RTAXMAX return false; ... fival = fi-fibmetrics-metricstype - 1; @type...

5.5CVSS6.5AI score0.00246EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2025/07/03 12:0 a.m.5 views

The vulnerability in the `drivers/net/netdevsim/fib.c` component of the Linux operating system allows a hacker to cause a service failure.

The vulnerability in the drivers/net/netdevsim/fib.c component of the Linux operating system is related to reading data from the buffer beyond its allowable limits. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.9AI score0.00219EPSS
Exploits0References10Affected Software4
bdu_fstec
bdu_fstec
added 2025/06/02 12:0 a.m.7 views

The vulnerability of the fib_metrics_match() function in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the fibmetricsmatch function in the Linux operating system’s kernel is related to the lack of memory release. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6.2AI score0.00246EPSS
Exploits0References9Affected Software3
redhat
redhat
added 2025/04/16 3:19 a.m.4 views

kernel: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()

In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6rules: avoid possible NULL dereference in fib6ruleaction syzbot is able to trigger the following crash 1, caused by unsafe ip6dstidev use. Indeed ip6dstidev can return NULL, and must always be checked. 1 Oops: general...

5.5CVSS6.4AI score0.00289EPSS
Exploits0References4
bdu_fstec
bdu_fstec
added 2025/04/14 12:0 a.m.7 views

The vulnerability of the fib4_rule_action() function in the net/ipv4/fibRules.c module of the IPv4 protocol implementation in the Linux operating system allows a attacker to cause a service failure.

The vulnerability of the fib4ruleaction function in the net/ipv4/fibrules.c module of the Linux operating system’s IPv4 kernel implementation is related to improper memory release before deleting the last pointer memory leak. Exploiting this vulnerability could allow an attacker to cause a servic...

5.5CVSS5.7AI score0.00222EPSS
Exploits0References13Affected Software2
susecve
susecve
added 2025/03/28 3:38 a.m.2 views

SUSE CVE-2023-52996

In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fibmetricsmatch if !type continue; if type RTAXMAX return false; ... fival = fi-fibmetrics-metricstype - 1; @type being used as an array index, we need to prevent cpu speculation or ri...

5.5CVSS6.3AI score0.00246EPSS
Exploits0References3
osv
osv
added 2025/03/27 5:15 p.m.2 views

DEBIAN-CVE-2023-52996

In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fibmetricsmatch if !type continue; if type RTAXMAX return false; ... fival = fi-fibmetrics-metricstype - 1; @type being used as an array index, we need to prevent cpu speculation or ri...

5.5CVSS5.4AI score0.00246EPSS
Exploits0References1
osv
osv
added 2025/03/27 5:15 p.m.2 views

UBUNTU-CVE-2023-52996

In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fibmetricsmatch if !type continue; if type RTAXMAX return false; ... fival = fi-fibmetrics-metricstype - 1; @type being used as an array index, we need to prevent cpu speculation or ri...

5.5CVSS5.8AI score0.00246EPSS
Exploits0References8
cvelist
cvelist
added 2025/03/27 4:43 p.m.9 views

CVE-2023-52996 ipv4: prevent potential spectre v1 gadget in fib_metrics_match()

In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fibmetricsmatch if !type continue; if type RTAXMAX return false; ... fival = fi-fibmetrics-metricstype - 1; @type being used as an array index, we need to prevent cpu speculation or ri...

0.00246EPSS
Exploits0References5
cnnvd
cnnvd
added 2025/03/27 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a Spectre v1 attack risk in fibmetricsmatch...

5.5CVSS5.7AI score0.00246EPSS
Exploits0References7
susecve
susecve
added 2025/02/27 3:4 a.m.2 views

SUSE CVE-2022-49580

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctlfibmultipathuseneigh. While reading sysctlfibmultipathuseneigh, it can be changed concurrently. Thus, we need to add READONCE to its reader...

5.5CVSS6.5AI score0.0018EPSS
Exploits0References3
nvd
nvd
added 2025/02/26 7:1 a.m.10 views

CVE-2022-49637

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctlfibsyncmem. While reading sysctlfibsyncmem, it can be changed concurrently. So, we need to add READONCE to avoid a data-race...

4.7CVSS0.00169EPSS
Exploits0References5
nvd
nvd
added 2025/02/26 7:1 a.m.19 views

CVE-2022-49576

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctlfibmultipathhashfields. While reading sysctlfibmultipathhashfields, it can be changed concurrently. Thus, we need to add READONCE to its readers...

4.7CVSS0.00176EPSS
Exploits0References3
osv
osv
added 2025/02/26 7:1 a.m.6 views

UBUNTU-CVE-2022-49576

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctlfibmultipathhashfields. While reading sysctlfibmultipathhashfields, it can be changed concurrently. Thus, we need to add READONCE to its readers...

4.7CVSS5.7AI score0.00176EPSS
Exploits0References6
osv
osv
added 2025/02/26 7:0 a.m.12 views

UBUNTU-CVE-2022-49092

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix route with nexthop object delete warning FRR folks have hit a kernel warning1 while deleting routes2 which is caused by trying to delete a route pointing to a nexthop id without specifying nhid but matching on an...

5.5CVSS6.2AI score0.00254EPSS
Exploits0References9
debiancve
debiancve
added 2025/02/26 2:23 a.m.6 views

CVE-2022-49637

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctlfibsyncmem. While reading sysctlfibsyncmem, it can be changed concurrently. So, we need to add READONCE to avoid a data-race...

4.7CVSS5.3AI score0.00169EPSS
Exploits0
cve
cve
added 2025/02/26 2:23 a.m.150 views

CVE-2022-49580

The CVE-2022-49580 entry describes a data-race in the Linux kernel IPv4 path around reading sysctl_fib_multipath_use_neigh, which could be changed concurrently. The referenced fix adds READ_ONCE() to the reader to guard against concurrent modification. Affected software is the Linux kernel (IPv4 ...

4.7CVSS5.3AI score0.0018EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder