Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: inetdiag: fixed a kernel-infoleak issue for UDP sockets KMSAN reported a kernel-infoleak issue 1 that could be exploited by unprivileged users. Analysis revealed that UDP was not initializing r-idiagexpires. Other users of...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: inetdiag: The pad field in struct inetdiagreqv2 should be initialized. KMSAN reported an uninit-value access in rawlookup. The diagnostics for raw sockets use the pad field in struct inetdiagreqv2 for the underlying protocol...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005024)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005024 advisory. In the Linux kernel, the following vulnerability has been resolved: inetdiag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak 1, that can...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001629)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001629 advisory. A kernel data leak due to an out-of-bound read was found in the Linux kernel in inetdiagmsgsctp,laddrfill and sctpgetsctpinfo functions present since version 4.7-rc1...

Siemens SIMATIC S7-1500 Use of Uninitialized Resource (CVE-2024-42106)

In the Linux kernel, the following vulnerability has been resolved: inetdiag: Initialize pad field in struct inetdiagreqv2. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989046)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989046 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak 1 of 4 bytes. After...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989754)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989754 advisory. In the Linux kernel, the following vulnerability has been resolved: inetdiag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak 1, that can...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-389728)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-389728 advisory. In the Linux kernel, the following vulnerability has been resolved: inetdiag: Initialize pad field in struct inetdiagreqv2 KMSAN reported uninit-value access in...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12779)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12779 advisory. - driver core: Fix ueventshow vs driver detach race Dan Williams Orabug: 37029154 CVE-2024-44952 - VMCI: Fix use-after-free when removing resource in...

DEBIAN-CVE-2024-42106

In the Linux kernel, the following vulnerability has been resolved: inetdiag: Initialize pad field in struct inetdiagreqv2 KMSAN reported uninit-value access in rawlookup 1. Diag for raw sockets uses the pad field in struct inetdiagreqv2 for the underlying protocol. This field corresponds to the...

UBUNTU-CVE-2024-42106

In the Linux kernel, the following vulnerability has been resolved: inetdiag: Initialize pad field in struct inetdiagreqv2 KMSAN reported uninit-value access in rawlookup 1. Diag for raw sockets uses the pad field in struct inetdiagreqv2 for the underlying protocol. This field corresponds to the...

SUSE CVE-2022-48855

In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak 1 of 4 bytes. After analysis, it turned out r-idiagexpires is not initialized if inetsctpdiagfill calls inetdiagmsgcommonfill Make sure to clear...

DEBIAN-CVE-2022-48855

In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak 1 of 4 bytes. After analysis, it turned out r-idiagexpires is not initialized if inetsctpdiagfill calls inetdiagmsgcommonfill Make sure to clear...

SUSE CVE-2021-47597

In the Linux kernel, the following vulnerability has been resolved: inetdiag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak 1, that can exploited by unpriv users. After analysis it turned out UDP was not initializing r-idiagexpires. Other users of inetskdiagfill might make...

DEBIAN-CVE-2021-47597

In the Linux kernel, the following vulnerability has been resolved: inetdiag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak 1, that can exploited by unpriv users. After analysis it turned out UDP was not initializing r-idiagexpires. Other users of inetskdiagfill might make...

UBUNTU-CVE-2021-47597

In the Linux kernel, the following vulnerability has been resolved: inetdiag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak 1, that can exploited by unpriv users. After analysis it turned out UDP was not initializing r-idiagexpires. Other users of inetskdiagfill might make...

SUSE CVE-2010-3880

net/ipv4/inetdiag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INETDIAG bytecode, which allows local users to cause a denial of service kernel infinite loop via crafted INETDIAGREQBYTECODE instructions in a netlink message that contains multiple attribute elements, as...

SUSE CVE-2011-2213

The inetdiagbcaudit function in net/ipv4/inetdiag.c in the Linux kernel before 2.6.39.3 does not properly audit INETDIAG bytecode, which allows local users to cause a denial of service kernel infinite loop via crafted INETDIAGREQBYTECODE instructions in a netlink message, as demonstrated by an...

SUSE CVE-2017-7558

A kernel data leak due to an out-of-bound read was found in the Linux kernel in inetdiagmsgsctp,laddrfill and sctpgetsctpinfo functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic...

UBUNTU-CVE-2017-7558

A kernel data leak due to an out-of-bound read was found in the Linux kernel in inetdiagmsgsctp,laddrfill and sctpgetsctpinfo functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic...