Important: Red Hat Security Advisory: ovn23.06 security update

An update for ovn23.06 is now available for Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2026-5265

CVE-2026-5265 describes a heap over-read in the ICMP error response generation within OVN’s ovn-controller. The issue occurs when generating ICMP Destination Unreachable or Packet Too Big messages: the handler copies a portion of the original packet into the ICMP error body using the IP header’s ...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005514)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005514 advisory. In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctlicmperrorsuseinboundifaddr. While reading...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001466)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001466 advisory. A flaw in the processing of received ICMP errors ICMP fragment needed and ICMP redirect in the Linux kernel functionality was found to allow the ability to quickly...

CVE-2023-53600

In the Linux kernel, the following vulnerability has been resolved: tunnels: fix kasan splat when generating ipv4 pmtu error If we try to emit an icmp error in response to a nonliner skb, we get BUG: KASAN: slab-out-of-bounds in ipcomputecsum+0x134/0x220 Read of size 4 at addr ffff88811c50db00 by...

EUVD-2022-54600

Malicious code in bioql PyPI...

EUVD-2021-7746

Malicious code in bioql PyPI...

SUSE CVE-2022-49632

In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctlicmperrorsuseinboundifaddr. While reading sysctlicmperrorsuseinboundifaddr, it can be changed concurrently. Thus, we need to add READONCE to its reader...

CVE-2022-49632

In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctlicmperrorsuseinboundifaddr. While reading sysctlicmperrorsuseinboundifaddr, it can be changed concurrently. Thus, we need to add READONCE to its reader...

UBUNTU-CVE-2022-49632

In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctlicmperrorsuseinboundifaddr. While reading sysctlicmperrorsuseinboundifaddr, it can be changed concurrently. Thus, we need to add READONCE to its reader...

CVE-2022-49632 icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr.

In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctlicmperrorsuseinboundifaddr. While reading sysctlicmperrorsuseinboundifaddr, it can be changed concurrently. Thus, we need to add READONCE to its reader...

CVE-2022-49632

CVE-2022-49632 is a Linux kernel data-race vulnerability in icmp: reading sysctl_icmp_errors_use_inbound_ifaddr can race with concurrent writes. The fix adds READ_ONCE() to the reader. CVSSv3.1 indicates a Local access requirement, High attack complexity, Low privileges, no user interaction, with...

CVE-2024-56647 net: Fix icmp host relookup triggering ip_rt_bug

In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering iprtbug arp link failure may trigger iprtbug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 iprtbug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-073)

The version of kernel installed on the remote host is prior to 5.4.149-73.259. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-073 advisory. A flaw was found in the Linux kernel. When reusing a socket with an attached dccpshctxccid as a listener, t...

Important: kernel

Issue Overview: A flaw was found in the Linux kernel. When reusing a socket with an attached dccpshctxccid as a listener, the socket will be used after being released leading to denial of service DoS or a potential code execution. The highest threat from this vulnerability is to data...

EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2023-1066)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In unixscmtoskb of afunix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation ...

SUSE CVE-2005-0068

The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using 1 blind connection-reset attacks with forged...

Oracle Linux 8 : kernel (ELSA-2022-1988)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1988 advisory. - netfilter: nftablesoffload: incorrect flow offload action array size Florian Westphal 2056728 CVE-2022-25636 - RDMA/cma: Do not change...

kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies

A flaw in the processing of received ICMP errors ICMP fragment needed and ICMP redirect in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2022-006 (ALASKERNEL-5.10-2022-006)

The version of kernel installed on the remote host is prior to 5.10.68-62.173. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-006 advisory. A flaw was found in the Linux kernel. When reusing a socket with an attached dccpshctxccid as a listener,...