34 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: usbnet: Prevents “free active kevent” The root causes of this issue are as follows: 1. When probing the usbnet device and executing usbnet_link_change(dev, 0, 0), the kevent operation is placed in the global workqueue. However, th...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: igbvf: fixed a double-free in igbvf_probe. In igbvf_probe, if register_netdev fails, the program will proceed to label err_hw_init, and then to label err_ioremap. In free_netdev, which occurs just below label err_ioremap, there are...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlan_remove_one. priv is netdev’s private data, and it cannot be used after the free_netdev call. Using priv after free_netdev can cause a UAF bug. This issue is fixed by moving the free_netdev call to the end of t...
CVE-2025-68312 usbnet: Prevents free active kevent
In the Linux kernel, the following vulnerability has been resolved: usbnet: Prevents free active kevent The root causes of this issue are: 1. When probing the usbnet device, executing usbnet_link_change(dev, 0, 0); put the kevent work in global workqueue. However, the kevent has not yet been scheduled...
Linux Distros Unpatched Vulnerability : CVE-2025-68312
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usbnet: Prevents free active kevent The root causes of this issue are: 1. When probing the usbnet device, executing usbnet_link_change(dev, 0, 0)...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989541)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989541 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove Access to netdev after free_netdev will cause...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988757)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988757 advisory. In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in igbvf_probe In igbvf_probe, if register_netdev fails, the program will go ...
EUVD-2023-60052
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views th...
SUSE CVE-2023-53556
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix use-after-free in free_netdev We do netif_napi_add for all allocated q_vectors, but potentially do netif_napi_del for part of them, then kfree q_vectors and leave invalid pointers at dev->napi_list. Reproducer: root@host cat...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987219)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987219 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove Access to netdev after free_netdev will cause...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986873)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986873 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fddi: fix UAF in fza_probe fp is netdev private data and it cannot be used after free_netdev...
CVE-2023-53556
CVE-2023-53556 is a Linux kernel use-after-free in the iavf driver (free_netdev) when removing virtual functions during SR-IOV handling. The connected Nessus/SUSE advisories enumerate this CVE among a large set of kernel issues and indicate the vulnerability is addressed by kernel updates in Eule...
CVE-2023-53556 iavf: Fix use-after-free in free_netdev
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix use-after-free in free_netdev We do netif_napi_add for all allocated q_vectors, but potentially do netif_napi_del for part of them, then kfree q_vectors and leave invalid pointers at dev->napi_list. Reproducer: root@host cat...
EUVD-2025-12950
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-47310
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ti: fix UAF in tlan_remove_one priv is netdev private data and it cannot be used after free_netdev call. Using priv after free_netdev can cause UAF bug. Fix it...
DEBIAN-CVE-2023-53028
In the Linux kernel, the following vulnerability has been resolved: Revert "wifi: mac80211: fix memory leak in ieee80211_if_add" This reverts commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. ieee80211_if_free is already called from free_netdev(ndev) because ndev->priv_destructor == ieee80211_if_free syzbot...
CVE-2024-42282 net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling
In the Linux kernel, the following vulnerability has been resolved: net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling Move the freeing of the dummy net_device from mtk_free_dev to mtk_remove. Previously, if alloc_netdev_dummy failed in mtk_probe, eth->dummy_dev would be NUL...
CVE-2024-42282 net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling
In the Linux kernel, the following vulnerability has been resolved: net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling Move the freeing of the dummy net_device from mtk_free_dev to mtk_remove. Previously, if alloc_netdev_dummy failed in mtk_probe, eth->dummy_dev would be NUL...
CVE-2021-47310
A vulnerability was found in the Linux kernel's TI TLAN driver, where the tlan_remove_one function can lead to a use-after-free issue when the driver attempts to access private data after the network device has already been freed, potentially causing system instability or crash. Mitigation Red Hat...
SUSE CVE-2021-47235
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: fix potential use-after-free in ec_bhf_remove static void ec_bhf_remove(struct pci_dev *dev) { ... struct ec_bhf_priv *priv = netdev_priv(netdev); unregister_netdev(netdev); free_netdev(netdev); pci_iounmap(dev, priv->dma_io); pci_iounmap(dev,...