MiracleLinux 9 : kernel-5.14.0-427.31.1.el9_4 (AXSA:2024-8705:26)

"The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8705:26 advisory. kernel: phy: CVE-2024-26600 kernel: netfilter: multiple flaws CVE-2024-26808, CVE-2024-27065, CVE-2024-35899, CVE-2024-36005 kernel: cifs:...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992670)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992670 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-sk in ipvlanprocessv4,6outbound Raw packet from PFPACKET socket ontop of an...

Linux Distros Unpatched Vulnerability : CVE-2025-21891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipvlan: ensure network headers are in skb linear part syzbot found that ipvlanprocessv6outbound was assuming the IPv6 network header isis present in skb-head 1...

CVE-2025-21891

In the Linux kernel, the following vulnerability has been resolved: ipvlan: ensure network headers are in skb linear part syzbot found that ipvlanprocessv6outbound was assuming the IPv6 network header isis present in skb-head 1 Add the needed pskbnetworkmaypull calls for both IPv4 and IPv6...

CVE-2025-21891

In the Linux kernel, the following vulnerability has been resolved: ipvlan: ensure network headers are in skb linear part syzbot found that ipvlanprocessv6outbound was assuming the IPv6 network header isis present in skb-head 1 Add the needed pskbnetworkmaypull calls for both IPv4 and IPv6...

AZL-60331 CVE-2025-21891 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ipvlan: ensure network headers are in skb linear part syzbot found that ipvlanprocessv6outbound was assuming the IPv6 network header isis present in skb-head 1 Add the needed pskbnetworkmaypull calls for both IPv4 and IPv6...

CVE-2025-21891

The CVE-2025-21891 entry concerns a Linux kernel ipvlan vulnerability where outbound IPv4/IPv6 headers could be read from skb->head if the network header was not in the skb’s linear part. The fix adds pskb_network_may_pull() calls for both IPv4 and IPv6 handlers (ipvlan_core.c: ipvlan_route_v6...

CVE-2025-21652 ipvlan: Fix use-after-free in ipvlan_get_iflink().

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlangetiflink. syzbot presented an use-after-free report 0 regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is...

CVE-2025-21652 ipvlan: Fix use-after-free in ipvlan_get_iflink().

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlangetiflink. syzbot presented an use-after-free report 0 regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper CVE-2023-52796 In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix RPC client cleaned up the freed pipefs dentries CVE-2023-52803 In the Linux...

CVE-2024-33621

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-sk in ipvlanprocessv4,6outbound Raw packet from PFPACKET socket ontop of an IPv6-backed ipvlan device will hit WARNONONCE in skmcloop through schdirectxmit path. WARNING: CPU: 2 PID: 0 at net/core/sock.c:775...

CVE-2023-52796

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...

CVE-2023-52796

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...

CVE-2023-52796 ipvlan: add ipvlan_route_v6_outbound() helper

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...

CVE-2022-48651

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-macheader If an AFPACKET socket is used to send packets through ipvlan and the default xmit function of the AFPACKET socket is changed from devqueuexmit to packetdirectxmit via...

CVE-2022-48651 ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-macheader If an AFPACKET socket is used to send packets through ipvlan and the default xmit function of the AFPACKET socket is changed from devqueuexmit to packetdirectxmit via...

Important: kernel-livepatch-6.1.27-43.48

Issue Overview: A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of...

Important: kernel-livepatch-4.14.313-235.533

Issue Overview: A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb-cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIGIPVLA...

OESA-2023-1439 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A time-of-check to time-of-use issue exists in iouring subsystem's IORINGOPCLOSE operation in the Linux kernel's versions 5.6 - 5.11 inclusive, which allows a local user to elevate their privileges to root. Introduced in...