20 matches found
CVE-2026-31774
In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix slab-out-of-bounds read in iobundlenbufs sqe-len is u32 but gets stored into sr-len which is int. When userspace passes sqe-len values exceeding INTMAX e.g. 0xFFFFFFFF, sr-len overflows to a negative value. This...
RHEL 9 : kernel (RHSA-2026:2759)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2759 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: xHCI driver...
Oracle Linux 10 : kernel (ELSA-2026-2282)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2282 advisory. - mptcp: Use skdstget and dstdevrcu in mptcpactiveenable. Davide Caratti RHEL-129044 CVE-2025-40133 - vsock/vmci: Clear the vmci transport packet...
SUSE CVE-2023-54030
In the Linux kernel, the following vulnerability has been resolved: iouring/net: don't overflow multishot recv Don't allow overflowing multishot recv CQEs, it might get out of hand, hurt performance, and in the worst case scenario OOM the task...
EUVD-2025-203786
In the Linux kernel, the following vulnerability has been resolved: iouring/net: ensure vectored buffer node import is tied to notification When support for vectored registered buffers was added, the import itself is using 'req' rather than the notification iokiocb, sr-notif. For non-vectored...
PT-2025-51647
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the io uring/cmd net subsystem related to incorrect argument types used in the skb queue splice function. Specifically, when timestamp retrieval...
EUVD-2025-26739
Malicious code in bioql PyPI...
CVE-2025-38730
CVE-2025-38730 concerns the Linux kernel io_uring/net handling of ring-provided buffers. The issue arises when a buffer acquired from the ring may remain valid across retries, and on the networking side, with MSG_WAITALL or streaming sockets with insufficient processing, the buffer could be kept ...
CVE-2025-38730 io_uring/net: commit partial buffers on retry
In the Linux kernel, the following vulnerability has been resolved: iouring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. iouring deals with this and invalidates them on retry. But on the...
PT-2025-4311 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel. The issue is related to the io uring/net component, where the kmsg-msg.msg inq variable may be used uninitialized. This can occur...
kernel: io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix overflow check in iorecvmsgmshotprep The Linux kernel CVE team has assigned CVE-2024-35827 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051741-CVE-2024-35827-822c@gregkh/T...
SUSE CVE-2024-35827
In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix overflow check in iorecvmsgmshotprep The "controllen" variable is type sizet unsigned long. Casting it to int could lead to an integer underflow. The checkaddoverflow function considers the type of the destinatio...
CVE-2024-35827
In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix overflow check in iorecvmsgmshotprep The "controllen" variable is type sizet unsigned long. Casting it to int could lead to an integer underflow. The checkaddoverflow function considers the type of the destinatio...
DEBIAN-CVE-2024-35827
In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix overflow check in iorecvmsgmshotprep The "controllen" variable is type sizet unsigned long. Casting it to int could lead to an integer underflow. The checkaddoverflow function considers the type of the destinatio...
CVE-2024-35827
In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix overflow check in iorecvmsgmshotprep The "controllen" variable is type sizet unsigned long. Casting it to int could lead to an integer underflow. The checkaddoverflow function considers the type of the destinatio...
CVE-2024-35827
In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix overflow check in iorecvmsgmshotprep The "controllen" variable is type sizet unsigned long. Casting it to int could lead to an integer underflow. The checkaddoverflow function considers the type of the destinatio...
CVE-2024-35827 io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix overflow check in iorecvmsgmshotprep The "controllen" variable is type sizet unsigned long. Casting it to int could lead to an integer underflow. The checkaddoverflow function considers the type of the destinatio...
CVE-2024-35827 io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix overflow check in iorecvmsgmshotprep The "controllen" variable is type sizet unsigned long. Casting it to int could lead to an integer underflow. The checkaddoverflow function considers the type of the destinatio...
CVE-2024-35827 io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix overflow check in iorecvmsgmshotprep The "controllen" variable is type sizet unsigned long. Casting it to int could lead to an integer underflow. The checkaddoverflow function considers the type of the destinatio...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.323.8.el7 - vhost-scsi: Fix alignment handling with windows Mike Christie Orabug: 35769318 - Revert 'vhost/scsi: support non zerocopy iovecs' Rajan Shanmugavelu Orabug: 35769318 5.4.17-2136.323.7.el7 - x86: change default to specstorebypassdisable=prctl spectrev2user=prctl Andrea...