870 matches found
Siemens Ruggedcom ROX Use After Free (CVE-2022-41858)
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sltxtimeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. This plugin only works with Tenable.ot...
CVE-2025-34171
CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...
kernel: net: tun: Update napi->skb after XDP process
A use-after-free flaw was found in tungetuser in drivers/net/tun.c in network TUNnel module in Linux kernel. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...
kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns
A vulnerability was found in cloneprivatemount in fs/namespace.c in filesystem subsystem in the Linux Kernel.This flaw could allow a local attacker to crash the system or leak kernel internal information...
CVE-2023-53863
In the Linux kernel, the following vulnerability has been resolved: netlink: do not hard code device address lenth in fdb dumps syzbot reports that some netdev devices do not have a six bytes address 1 Replace ETHALEN by dev-addrlen. 1 Case of a device where dev-addrlen = 4 BUG: KMSAN:...
CVE-2023-53863 netlink: do not hard code device address lenth in fdb dumps
In the Linux kernel, the following vulnerability has been resolved: netlink: do not hard code device address lenth in fdb dumps syzbot reports that some netdev devices do not have a six bytes address 1 Replace ETHALEN by dev-addrlen. 1 Case of a device where dev-addrlen = 4 BUG: KMSAN:...
CVE-2023-53863 netlink: do not hard code device address lenth in fdb dumps
In the Linux kernel, the following vulnerability has been resolved: netlink: do not hard code device address lenth in fdb dumps syzbot reports that some netdev devices do not have a six bytes address 1 Replace ETHALEN by dev-addrlen. 1 Case of a device where dev-addrlen = 4 BUG: KMSAN:...
PT-2025-49754
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a flaw in the netlink subsystem related to handling device address lengths in frame database fdb dumps. Specifically, the code hardcoded the device address...
net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
...
SUSE CVE-2025-40278
In the Linux kernel, the following vulnerability has been resolved: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . net? KMSAN: kernel-infoleak in skbdatagramiter In tcfifedump, the variable 'opt' was partially...
CVE-2025-40278
In the Linux kernel, the following vulnerability has been resolved: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . net? KMSAN: kernel-infoleak in skbdatagramiter In tcfifedump, the variable 'opt' was partially...
EUVD-2025-201577
In the Linux kernel, the following vulnerability has been resolved: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . net? KMSAN: kernel-infoleak in skbdatagramiter In tcfifedump, the variable 'opt' was partially...
CVE-2025-40278 net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
In the Linux kernel, the following vulnerability has been resolved: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . net? KMSAN: kernel-infoleak in skbdatagramiter In tcfifedump, the variable 'opt' was partially...
CVE-2025-40278 net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
In the Linux kernel, the following vulnerability has been resolved: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . net? KMSAN: kernel-infoleak in skbdatagramiter In tcfifedump, the variable 'opt' was partially...
kernel: KVM: arm64: Tear down vGIC on failed vCPU creation
A use-after-free flaw was found in KVM for arm64 in the Linux Kernel, if the kvmarchvcpucreate fails to share the vCPU page with the hypervisor. This vulnerability could even lead to a kernel information leak problem...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990483)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990483 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfsioctllogicaltoino Syzbot reported the following information...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989754)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989754 advisory. In the Linux kernel, the following vulnerability has been resolved: inetdiag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak 1, that can...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990042)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990042 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfsioctllogicaltoino Syzbot reported the following information...
Siemens SIMATIC and SCALANCE Devices Use After Free (CVE-2023-3141)
A use-after-free flaw was found in r592remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. This plugin only works with Tenable.ot. Please visit...
Siemens SIMATIC Devices Use After Free (CVE-2023-1652)
A use-after-free flaw was found in nfsd4sscsetupdul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem. This plugin only works with Tenable.ot. Please visit...