Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: nbd: Always initialize struct msghdr completely. syzbot reports that the value of msg-msggetinq may be uninitialized 1. The struct msghdr has many new fields recently. We should always ensure that their values are zero by...

EUVD-2025-36448

In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP and UDP Recently, syzbot started to abuse NBD with all kinds of sockets. Commit cf1b2326b734 "nbd: verify socket is supported during setup" made sure the socket supported a shutdown method. Explicitel...

EUVD-2022-54931

Malicious code in bioql PyPI...

EUVD-2022-54927

Malicious code in bioql PyPI...

kernel: nbd: null check for nla_nest_start

In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nlaneststart The Linux kernel CVE team has assigned CVE-2024-27025 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T...

kernel: nbd: always initialize struct msghdr completely

In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value can be uninitialized 1 struct msghdr got many new fields recently, we should always make sure their values is zero by default. 1 BUG: KMSAN...

Linux Distros Unpatched Vulnerability : CVE-2022-49300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nbd: fix race between nbdallocconfig and module removal When nbd module is being removing, nbdallocconfig may be called concurrently by nbdgenlconnect, although...

Linux Distros Unpatched Vulnerability : CVE-2022-49295

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nbd: call genlunregisterfamily first in nbdcleanup Otherwise there may be race between module removal and the handling of netlink command, which can lead to the...

CVE-2022-49300

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between nbdallocconfig and module removal When nbd module is being removing, nbdallocconfig may be called concurrently by nbdgenlconnect, although trymoduleget will return false, but nbdallocconfig doesn't handle it...

CVE-2022-49300 nbd: fix race between nbd_alloc_config() and module removal

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between nbdallocconfig and module removal When nbd module is being removing, nbdallocconfig may be called concurrently by nbdgenlconnect, although trymoduleget will return false, but nbdallocconfig doesn't handle it...

CVE-2022-49300

CVE-2022-49300 affects the Linux kernel nbd subsystem. A race occurs when the nbd module is removed: nbd_genl_connect() may call nbd_alloc_config() concurrently, and although try_module_get() can fail, nbd_alloc_config() previously did not handle that. This can cause leakage of nbd_config and rel...

CVE-2022-49300

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between nbdallocconfig and module removal When nbd module is being removing, nbdallocconfig may be called concurrently by nbdgenlconnect, although trymoduleget will return false, but nbdallocconfig doesn't handle it...

CVE-2022-49300 nbd: fix race between nbd_alloc_config() and module removal

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between nbdallocconfig and module removal When nbd module is being removing, nbdallocconfig may be called concurrently by nbdgenlconnect, although trymoduleget will return false, but nbdallocconfig doesn't handle it...

PT-2024-7592

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58 Description The issue is related to a race condition between timeout and normal completion in the nbd module of the Linux kernel. This can lead to a use-after-free condition, potentially allowing an attack...

CVE-2023-52837

In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbdopen Commit 4af5f2e03013 "nbd: use blkmqallocdisk and blkcleanupdisk" cleans up disk by blkcleanupdisk and it won't set disk-privatedata as NULL as before. UAF may be triggered in nbdopen if someone tries to op...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from a vulnerability in the nbd module...

CVE-2021-46981 nbd: Fix NULL pointer in flush_workqueue

In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flushworkqueue Open /dev/nbdX first, the configrefs will be 1 and the pointers in nbddevice are still null. Disconnect /dev/nbdX, then reference a null recvworkq. The protection by configrefs in...

CVE-2021-46981

In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flushworkqueue Open /dev/nbdX first, the configrefs will be 1 and the pointers in nbddevice are still null. Disconnect /dev/nbdX, then reference a null recvworkq. The protection by configrefs in...