Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: fixed information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the newly added packettype by reading the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003428)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003428 advisory. net/netfilter/nfnetlinkcthelper.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for new, get, and del operations, which allows local...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003419)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003419 advisory. net/netfilter/xtosf.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for addcallback and removecallback operations, which allows loca...

EUVD-2021-24667

Malware in sbrugna...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986951)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986951 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986450)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986450 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet...

Linux Distros Unpatched Vulnerability : CVE-2017-17448

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/netfilter/nfnetlinkcthelper.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for new, get, and del operations, which allows...

CVE-2025-22089 RDMA/core: Don't expose hw_counters outside of init net namespace

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hwcounters outside of init net namespace Commit 467f432a521a "RDMA/core: Split port and device counter sysfs attributes" accidentally almost exposed hw counters to non-init net namespaces. It didn't expose...

kernel: nfs: Handle error of rpc_proc_register() in nfs_net_init().

In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpcprocregister in nfsnetinit. syzkaller reported a warning 0 triggered while destroying immature netns. rpcprocregister was called in initnfsfs, but its error has been ignored since at least the initial comm...

DEBIAN-CVE-2025-21864

In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6tunnelnetexit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the...

DEBIAN-CVE-2025-21865

In the Linux kernel, the following vulnerability has been resolved: gtp: Suppress list corruption splat in gtpnetexitbatchrtnl. Brad Spengler reported the listdel corruption splat in gtpnetexitbatchrtnl. 0 Commit eb28fd76c0a0 "gtp: Destroy device along with udp socket's netns dismantle." added th...

DEBIAN-CVE-2025-21678

In the Linux kernel, the following vulnerability has been resolved: gtp: Destroy device along with udp socket's netns dismantle. gtpnewlink links the device to a list in devnetdev instead of srcnet, where a udp tunnel socket is created. Even when srcnet is removed, the device stays alive on...

SUSE CVE-2022-48757

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

DEBIAN-CVE-2022-48757

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

UBUNTU-CVE-2021-47588

In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6devfree from sitinitnet ipip6devfree is sit dev-privdestructor, already called by registernetdevice if something goes wrong. Alternative would be to make ipip6devfree robust against multiple invocations, but...

UBUNTU-CVE-2024-35884

In the Linux kernel, the following vulnerability has been resolved: udp: do not accept non-tunnel GSO skbs landing in a tunnel When rx-udp-gro-forwarding is enabled UDP packets might be GROed when being forwarded. If such packets might land in a tunnel this can cause various issues and...

CVE-2021-46975

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: Make global sysctls readonly in non-init netns These sysctls point to global variables: - NFSYSCTLCTMAX &nfconntrackmax - NFSYSCTLCTEXPECTMAX &nfctexpectmax - NFSYSCTLCTBUCKETS &nfconntrackhtablesizeuser...

CVE-2021-46975

Removed by vendor...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: net: Make tcpallowedcongestioncontrol readonly in non-init netns Currently, tcpallowedcongestioncontrol is global and writable; writing to it in any net namespace will leak into all other net namespaces...