MiracleLinux 9 : kernel-5.14.0-427.31.1.el9_4 (AXSA:2024-8705:26)

"The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8705:26 advisory. kernel: phy: CVE-2024-26600 kernel: netfilter: multiple flaws CVE-2024-26808, CVE-2024-27065, CVE-2024-35899, CVE-2024-36005 kernel: cifs:...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992670)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992670 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-sk in ipvlanprocessv4,6outbound Raw packet from PFPACKET socket ontop of an...

Linux Distros Unpatched Vulnerability : CVE-2025-21891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipvlan: ensure network headers are in skb linear part syzbot found that ipvlanprocessv6outbound was assuming the IPv6 network header isis present in skb-head 1...

The vulnerability of the ipvlan component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the ipvlan component in the Linux operating system’s kernel is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...

CVE-2025-21891

In the Linux kernel, the following vulnerability has been resolved: ipvlan: ensure network headers are in skb linear part syzbot found that ipvlanprocessv6outbound was assuming the IPv6 network header isis present in skb-head 1 Add the needed pskbnetworkmaypull calls for both IPv4 and IPv6...

CVE-2025-21891

In the Linux kernel, the following vulnerability has been resolved: ipvlan: ensure network headers are in skb linear part syzbot found that ipvlanprocessv6outbound was assuming the IPv6 network header isis present in skb-head 1 Add the needed pskbnetworkmaypull calls for both IPv4 and IPv6...

AZL-60331 CVE-2025-21891 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ipvlan: ensure network headers are in skb linear part syzbot found that ipvlanprocessv6outbound was assuming the IPv6 network header isis present in skb-head 1 Add the needed pskbnetworkmaypull calls for both IPv4 and IPv6...

CVE-2025-21891

The CVE-2025-21891 entry concerns a Linux kernel ipvlan vulnerability where outbound IPv4/IPv6 headers could be read from skb->head if the network header was not in the skb’s linear part. The fix adds pskb_network_may_pull() calls for both IPv4 and IPv6 handlers (ipvlan_core.c: ipvlan_route_v6...

CVE-2025-21652 ipvlan: Fix use-after-free in ipvlan_get_iflink().

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlangetiflink. syzbot presented an use-after-free report 0 regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is...

CVE-2025-21652 ipvlan: Fix use-after-free in ipvlan_get_iflink().

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlangetiflink. syzbot presented an use-after-free report 0 regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper CVE-2023-52796 In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix RPC client cleaned up the freed pipefs dentries CVE-2023-52803 In the Linux...

CVE-2024-33621

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-sk in ipvlanprocessv4,6outbound Raw packet from PFPACKET socket ontop of an IPv6-backed ipvlan device will hit WARNONONCE in skmcloop through schdirectxmit path. WARNING: CPU: 2 PID: 0 at net/core/sock.c:775...

CVE-2023-52796

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...

CVE-2023-52796

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...

CVE-2023-52796 ipvlan: add ipvlan_route_v6_outbound() helper

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...

CVE-2022-48651

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-macheader If an AFPACKET socket is used to send packets through ipvlan and the default xmit function of the AFPACKET socket is changed from devqueuexmit to packetdirectxmit via...

CVE-2022-48651 ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb-macheader If an AFPACKET socket is used to send packets through ipvlan and the default xmit function of the AFPACKET socket is changed from devqueuexmit to packetdirectxmit via...

Important: kernel-livepatch-6.1.27-43.48

Issue Overview: A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of...

Important: kernel-livepatch-4.14.313-235.533

Issue Overview: A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb-cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIGIPVLA...

OESA-2023-1439 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: A time-of-check to time-of-use issue exists in iouring subsystem's IORINGOPCLOSE operation in the Linux kernel's versions 5.6 - 5.11 inclusive, which allows a local user to elevate their privileges to root. Introduced in...