38178 matches found
kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions
A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...
kernel: net/ipv6: ioam6: prevent schema length wraparound in trace fill
A flaw was found in the Linux kernel's IPv6 In-situ Operations, Administration, and Maintenance IOAM6 trace fill functionality. An integer overflow vulnerability exists in the ioam6filltracedata function, where the schema length calculation can wrap around due to being stored in an 8-bit unsigned...
kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
CVE-2026-58058
A flaw was found in Nmap. A remote attacker or a scanned target can send a specially crafted IPv6 response with a truncated extension header. This can lead to an integer underflow, causing out-of-bounds reads and a denial of service DoS due to a crash during raw IPv6 scans. Mitigation Mitigation...
SUSE-SU-2026:2676-1 Security update for bind
This update for bind fixes the following issues - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-5946: Invalid handling of CLASS != IN bsc1265594. -...
kernel: netfilter: flowtable: strictly check for maximum number of actions
A flaw was found in the Netfilter flowtable component of the Linux kernel. This vulnerability occurs because the system does not strictly check the maximum number of hardware offload actions for IPv6, allowing it to process more actions than supported. This could potentially lead to system...
EUVD-2026-39978
Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...
CVE-2026-58058
Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...
Linux Distros Unpatched Vulnerability : CVE-2026-56770
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential...
RLSA-2026:30129 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: rxrpc: fix RESPONSE authenticator parser OOB read CVE-2026-31636 kernel: ipv6: icmp: clear skb2-cb in ip6errgenicmpv6unreach CVE-2026-43038 kernel: tcp: fix potential race in...
CVE-2026-53228
A flaw was found in the Linux kernel's Simple Internet Transition SIT tunnel driver for IPv6. When processing network traffic with Generic Segmentation Offload GSO enabled, the driver may use a stale pointer to the inner IPv6 header after the socket buffer skb head has been reallocated. This can...
SUSE CVE-2026-53238
In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlblunlabeladdrinfoget used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not independentl...
EUVD-2026-39580
iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...
kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()
A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...
kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()
A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...
CVE-2026-53006
A flaw was found in the Linux kernel's IPv6 Internet Protocol version 6 implementation. This vulnerability, a Use-After-Free UAF error, occurs due to incorrect caching of network packet addresses before a memory operation. An attacker could potentially exploit this flaw to cause memory corruption...
CVE-2026-7532
iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...
EUVD-2026-39532
CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or...
CVE-2026-13351
Zephyr’s IPv6 network stack is vulnerable to a denial-of-service caused by fragmented IPv6 packets. In the fragment-header processing path, the RX network packet buffer allocated from a memory slab is not released back to the pool after handling malicious fragments. Repeating such packets exhaust...
CVE-2026-52690
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...