Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

kernel security update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2026-1123)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : cifs: Fix UAF in cifsdemultiplexthreadCVE-2023-52572 net: fix data-races around sk-skforwardallocCVE-2024-53124 quota: flush...

CVE-2025-21731 nbd: don't allow reconnect after disconnect

In the Linux kernel, the following vulnerability has been resolved: nbd: don't allow reconnect after disconnect Following process can cause nbdconfig UAF: 1 grab nbdconfig temporarily; 2 nbdgenldisconnect flush all recvwork and release the initial reference: nbdgenldisconnect nbddisconnectandput...

kernel: nbd: null check for nla_nest_start

In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nlaneststart The Linux kernel CVE team has assigned CVE-2024-27025 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050107-CVE-2024-27025-babd@gregkh/T...

CVE-2024-49855

In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timetout is handled by nbdrequeuecmd, normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free can be triggered. Fix t...

CVE-2023-52837

In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbdopen Commit 4af5f2e03013 "nbd: use blkmqallocdisk and blkcleanupdisk" cleans up disk by blkcleanupdisk and it won't set disk-privatedata as NULL as before. UAF may be triggered in nbdopen if someone tries to op...

Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6777-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6777-2 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to ...

CVE-2024-27025

In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nlaneststart nlaneststart may fail and return NULL. Insert a check and set errno based on other call sites within the same source code...

CVE-2024-26638

CVE-2024-26638 affects Linux kernel nbd: the patch fixes a KMSAN warning by always zero-initializing the msghdr structure (preventing uninitialized fields like msg_get_inq from leaking into recv paths). The issue arises because several recent msghdr fields could be left with indeterminate values,...

CVE-2021-46981

In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flushworkqueue Open /dev/nbdX first, the configrefs will be 1 and the pointers in nbddevice are still null. Disconnect /dev/nbdX, then reference a null recvworkq. The protection by configrefs in...

CVE-2021-46981

In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flushworkqueue Open /dev/nbdX first, the configrefs will be 1 and the pointers in nbddevice are still null. Disconnect /dev/nbdX, then reference a null recvworkq. The protection by configrefs in...

USN-4440-1 linux-hwe, linux-aws-5.3, linux-azure-5.3, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-oracle-5.3, linux-raspi2-5.3 vulnerabilities

It was discovered that the network block device nbd implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service system crash. CVE-2019-16089 It was discovered that the kernel-user space relay...

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 : nbd vulnerability (USN-1155-1)

It was discovered that NBD incorrectly handled certain long requests. A remote attacker could use this flaw to cause NBD to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from t...

Ubuntu 5.10 : nbd vulnerability (USN-237-1)

Kurt Fitzner discovered that the NBD network block device server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privilege...