8 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT The nfsklookupslowv4 function performs the conntrack lookup for IPv4 packets in order to restore the original 5-tuple in case of SNAT, so that the correct socket if any can be...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992627)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992627 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nfsklookupslowv4 does the conntrack lookup for...
EUVD-2025-11372
Malicious code in bioql PyPI...
SUSE-SU-2025:20413-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL bsc1228557. - CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer...
CVE-2025-22021
In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nfsklookupslowv4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket if any. Then socketmatch can...
CVE-2025-22021
Summary (CVE-2025-22021): In the Linux kernel, the IPv6 SNAT path for socket lookups was missing a conntrack-based orig-tuple restoration, causing xt_socket to fail matching on SNATed IPv6 packets. Kubernetes uses IPv6 SNAT for pod-to-world traffic; in such environments, Cilium with Envoy relies ...
CVE-2025-22021 netfilter: socket: Lookup orig tuple for IPv6 SNAT
In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nfsklookupslowv4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket if any. Then socketmatch can...
CVE-2025-22021
In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nfsklookupslowv4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket if any. Then socketmatch can...