Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: gtp: Fixed a use-after-free in gtpencapdestroy. syzkaller reported a use-after-free in gtpencapdestroy. The same process freed “sk” and accessed it illegally. Commit e198987e7dd7 “gtp: fix suspicious RCU usage” added locksock...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: gtp: fixed a potential NULL pointer dereferencing issue. When sockfdlookup fails, gtpencapenablesocket returns a NULL pointer. However, its callers only check for error pointers, thereby missing the NULL pointer case. This issue...

SUSE-SU-2026:0727-1 Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.110 fixes various security issues The following security issues were fixed: - CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer bsc1255577. - CVE-2023-54142: gtp: Fix use-after-free in gtpencapdestroy bsc1256097. -...

Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27396)

The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27396 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in...

CVE-2025-21678

In the Linux kernel, the following vulnerability has been resolved: gtp: Destroy device along with udp socket's netns dismantle. gtpnewlink links the device to a list in devnetdev instead of srcnet, where a udp tunnel socket is created. Even when srcnet is removed, the device stays alive on...

CVE-2024-46677

In the Linux kernel, the following vulnerability has been resolved: gtp: fix a potential NULL pointer dereference When sockfdlookup fails, gtpencapenablesocket returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case. Fix it by returning an error point...

CVE-2024-44999

In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtpdevxmit syzbot/KMSAN reported use of uninit-value in getdevxmit 1 We must make sure the IPv4 or Ipv6 header is pulled in skb-head before accessing fields in them. Use pskbinetmaypull to fix this...

AZL-48714 CVE-2024-44999 affecting package kernel for versions less than 6.6.51.1-1

In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtpdevxmit syzbot/KMSAN reported use of uninit-value in getdevxmit 1 We must make sure the IPv4 or Ipv6 header is pulled in skb-head before accessing fields in them. Use pskbinetmaypull to fix this...

CVE-2024-26793

A flaw was found in the Linux kernel affecting the GPRS Tunneling Protocol GTP subsystem that involves a use-after-free and NULL pointer dereference in the gtpnewlink function. This issue potentially causes system crashes or allows unauthorized users to gain elevated privileges. Mitigation...

CVE-2024-26793

In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtpnewlink The gtplinkops operations structure for the subsystem must be registered after registering the gtpnetops pernet operations structure. Syzkaller hit 'general protection faul...

CVE-2024-26793

In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtpnewlink The gtplinkops operations structure for the subsystem must be registered after registering the gtpnetops pernet operations structure. Syzkaller hit 'general protection faul...

CVE-2024-26754

A vulnerability was found in the gtpgenldumppdp function in the Linux kernel. This issue occurs due to incorrect initialization order and error handling, which can lead to use-after-free and NULL pointer dereference issues. This vulnerability could also cause undefined behaviors or crashes...

F5 Networks BIG-IP : TMM GTP vulnerability (K19012930)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 14.1.4.3 / 15.1.3.1 / 16.0.1.2 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K19012930 advisory. - On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before...

CVE-2005-4585

Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13 allows remote attackers to cause a denial of service infinite loop via unknown attack vectors...