121 matches found
CVE-2026-10638
subsys/net/ip/icmpv6.c reads the network interface from a netpkt after that packet has been handed to nettrysenddata. In icmpv6handleechorequest and neticmpv6senderror, the post-send statistics update calls netpktifacereply/netpktifacepkt on the just-sent packet. The send path nettrysenddata -...
CVE-2026-10637
subsys/net/ip/ipv6mld.c:mldsend read the packet interface via netpktifacepkt after netsenddatapkt returned successfully. Per the network stack's ownership contract include/zephyr/net/netcore.h, and the explicit warning in subsys/net/ip/netcore.c:453-460 'do not use pkt after that call', a...
CVE-2026-10637
CVE-2026-10637 describes a use-after-free in Zephyr’s IPv6 MLD send path: after net_send_data(pkt) returns, mld_send() reads net_pkt_iface(pkt), which may point to freed memory because ownership transfers to the L2 driver and the packet is returned to the k_mem_slab. If the freed slot has been re...
CVE-2026-10636 Use-after-free in Zephyr IPv4 IGMP send path (igmp_send)
In Zephyr's IPv4 IGMP implementation, igmpsend in subsys/net/ip/igmp.c read the network interface back out of the packet via netpktifacepkt after the packet had been handed to netsenddata. On the successful-send path the packet's last reference may already have been released by the L2 driver or b...
net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd()
...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001129)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001129 advisory. The packetsetring function in net/packet/afpacket.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users t...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992637)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992637 advisory. In the Linux kernel, the following vulnerability has been resolved: llc: do not use skbget before devqueuexmit syzbot is able to crash hosts 1, using llc and devices...
Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50116: Update config files. Disable NGSM bsc1244824 jscPED-8240. CVE-2022-50252: igb: Do not free qvector unless new one was allocated bsc1249846. CVE-2022-50381:...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_8
This update for kernel-livepatch-MICRO-6-0-RTUpdate8 fixes the following issues: CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg bsc1248631 CVE-2025-38618: vsock: Do not allow binding to VMADDRPORTANY bsc1249207 CVE-2025-38617: net/packet: fix a race in packetsetring and...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net/packet: a race condition in packetsetring and packetnotifier has been fixed. When packetsetring releases po-bindlock, another thread may execute packetnotifier and process an NETDEVUP event. This race condition is similar to...
net/packet: fix a race in packet_set_ring() and packet_notifier()
...
Linux Distros Unpatched Vulnerability : CVE-2025-38617
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVU...
AZL-66608 CVE-2025-38617 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...
DEBIAN-CVE-2025-38617
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...
AZL-73611 CVE-2025-38617 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...
UBUNTU-CVE-2025-38617
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...
CVE-2025-38617
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...
CVE-2025-38617 net/packet: fix a race in packet_set_ring() and packet_notifier()
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...
Linux Distros Unpatched Vulnerability : CVE-2022-48839
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/packet: fix slab-out-of-bounds access in packetrecvmsg syzbot found that when an AFPACKET socket is using PACKETCOPYTHRESH and mmap operations, tpacketrcv i...
PT-2025-34363
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition exists in the packet set ring and packet notifier functions within the net/packet module. This occurs when packet set ring releases po-bind lock, allowing another thre...