Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

A NULL pointer dereference flaw was discovered in the rawv6pushpendingframes function in net/ipv6/raw.c within the network subcomponent of the Linux kernel. This flaw can cause the system to crash...

kernel: ipv6: use RCU in ip6_output()

A use-after-free flaw was found in ip6finishoutput2 in net/ipv6/ip6output.c in ipv6 access. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000726)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000726 advisory. The ip6appenddatamtu function in net/ipv6/ip6output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about...

Linux Distros Unpatched Vulnerability : CVE-2024-56644

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6negativeadvice when this function is executed for an expired IPv6 route...

Linux Distros Unpatched Vulnerability : CVE-2022-49339

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport init-annotated seg6hmacinit EXPORTSYMBOL and init is a bad combination...

CVE-2022-48910

The CVE-2022-48910 case concerns the Linux kernel IPv6 addrconf path: when NETDEV_DOWN is triggered for reasons other than actual interface down, repeated calls can leak one ifmcaddr6 per multicast group by leaking idev->mc_tomb. The fix is to ensure ipv6_mc_down() runs at most once per state ...

RXSA-2024:4928 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned CVE-2023-52458 kernel: ext4: avoid allocating blocks from corrupted group in ext4mbtrybestfoun...

Oracle Linux 9 : kernel (ELSA-2024-4928)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4928 advisory. - mlxbfgige: call requestirq after NAPI initialized Kamal Heib RHEL-43012 RHEL-37179 CVE-2024-35907 - mlxbfgige: stop PHY during open error paths Kamal...

RHEL 9 : kernel (RHSA-2024:4928)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4928 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: block: null pointer dereferenc...

RHEL 9 : kernel (RHSA-2024:4533)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4533 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: TIPC message reassembly...

kernel: NULL pointer dereference in rawv6_push_pending_frames

A NULL pointer dereference flaw was found in rawv6pushpendingframes in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash...

SUSE CVE-2019-18198

In the Linux kernel before 5.3.4, a reference count usage error in the fib6rulesuppress function in the fib6 suppression feature of net/ipv6/fib6rules.c, when handling the FIBLOOKUPNOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753...

CVE-2023-0394

A NULL pointer dereference flaw was found in rawv6pushpendingframes in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash...

Oracle Linux 8 : kernel (ELSA-2022-5316)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5316 advisory. - debug: lockdown kgdb Orabug: 34270802 CVE-2022-21499 - esp: limit skbpagefragrefill use to a single page Sabrina Dubroca 2062114 CVE-2022-27666 - esp...

GSD-2022-1002957 net: ipv6: unexport __init-annotated seg6_hmac_init()

net: ipv6: unexport init-annotated seg6hmacinit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.15 by commit...

SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 24 for SLE 15) (SUSE-SU-2022:1215-1)

The remote SUSE Linux SLES12 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1215-1 advisory. - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a...

Linux Kernel Buffer Overflow Vulnerability (CNVD-2022-79427)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a buffer overflow vulnerability that originates from not properly validating data boundaries when net/ipv4/esp4.c and net/ipv6/esp6.c perform...

CVE-2022-27666

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. Mitigation The given exploit needs...

CVE-2022-27666

A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat...

CVE-2020-27066

In xfrm6tunnelfreespi of net/ipv6/xfrm6tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID...