Lucene search
K

122 matches found

NVD
NVD
added 2026/06/16 3:16 p.m.18 views

CVE-2026-10638

subsys/net/ip/icmpv6.c reads the network interface from a netpkt after that packet has been handed to nettrysenddata. In icmpv6handleechorequest and neticmpv6senderror, the post-send statistics update calls netpktifacereply/netpktifacepkt on the just-sent packet. The send path nettrysenddata -...

7.5CVSS0.00352EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 3:16 p.m.9 views

CVE-2026-10637

subsys/net/ip/ipv6mld.c:mldsend read the packet interface via netpktifacepkt after netsenddatapkt returned successfully. Per the network stack's ownership contract include/zephyr/net/netcore.h, and the explicit warning in subsys/net/ip/netcore.c:453-460 'do not use pkt after that call', a...

7.1CVSS0.00299EPSS
Exploits1References2
CVE
CVE
added 2026/06/16 1:13 p.m.12 views

CVE-2026-10637

CVE-2026-10637 describes a use-after-free in Zephyr’s IPv6 MLD path: after net_send_data(pkt) returns, the code reads net_pkt_iface(pkt) from a freed net_pkt, risking NULL or stale pointers and potential crash or memory corruption. The root cause is violating the network stack ownership contract;...

7.1CVSS5.4AI score0.00299EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/16 1:12 p.m.26 views

CVE-2026-10636 Use-after-free in Zephyr IPv4 IGMP send path (igmp_send)

In Zephyr's IPv4 IGMP implementation, igmpsend in subsys/net/ip/igmp.c read the network interface back out of the packet via netpktifacepkt after the packet had been handed to netsenddata. On the successful-send path the packet's last reference may already have been released by the L2 driver or b...

3.7CVSS0.00261EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/packet: A race condition in packetsetring and packetnotifier was fixed. When packetsetring releases po-bindlock, another thread may execute packetnotifier and process an NETDEVUP event. This race condition is similar to th...

4.7CVSS6.4AI score0.00288EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/02 8:4 a.m.7 views

net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd()

...

7.8CVSS5.8AI score0.00103EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001129)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001129 advisory. The packetsetring function in net/packet/afpacket.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users t...

7.8CVSS6.6AI score0.17827EPSS
Exploits17References15
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992637)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992637 advisory. In the Linux kernel, the following vulnerability has been resolved: llc: do not use skbget before devqueuexmit syzbot is able to crash hosts 1, using llc and devices...

5.5CVSS6.2AI score0.002EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/12/15 12:0 a.m.2 views

The vulnerability in the net/packet/af_packet.c component of the Linux operating system allows a hacker to cause a service failure.

The vulnerability in the net/packet/afpacket.c component of the Linux operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability allows an attacker to cause service failures...

4.1CVSS6.7AI score0.00288EPSS
Exploits0References19Affected Software5
SUSE Linux
SUSE Linux
added 2025/12/01 10:12 a.m.4 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50116: Update config files. Disable NGSM bsc1244824 jscPED-8240. CVE-2022-50252: igb: Do not free qvector unless new one was allocated bsc1249846. CVE-2022-50381:...

8.5CVSS7.3AI score0.01345EPSS
Exploits8References92
SUSE Linux
SUSE Linux
added 2025/11/05 4:26 p.m.6 views

Security update for kernel-livepatch-MICRO-6-0-RT_Update_8

This update for kernel-livepatch-MICRO-6-0-RTUpdate8 fixes the following issues: CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg bsc1248631 CVE-2025-38618: vsock: Do not allow binding to VMADDRPORTANY bsc1249207 CVE-2025-38617: net/packet: fix a race in packetsetring and...

7.3CVSS7.9AI score0.00288EPSS
Exploits0References12
Microsoft CVE
Microsoft CVE
added 2025/09/04 5:34 a.m.8 views

net/packet: fix a race in packet_set_ring() and packet_notifier()

...

4.7CVSS6.8AI score0.00288EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-38617

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVU...

4.7CVSS6.8AI score0.00288EPSS
Exploits0References3
OSV
OSV
added 2025/08/22 2:15 p.m.5 views

AZL-66608 CVE-2025-38617 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...

4.7CVSS6.8AI score0.00288EPSS
Exploits0References1
OSV
OSV
added 2025/08/22 2:15 p.m.4 views

DEBIAN-CVE-2025-38617

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...

4.7CVSS5.6AI score0.00288EPSS
Exploits0References1
OSV
OSV
added 2025/08/22 2:15 p.m.14 views

AZL-73611 CVE-2025-38617 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...

4.7CVSS6.8AI score0.00288EPSS
Exploits0References1
OSV
OSV
added 2025/08/22 2:15 p.m.11 views

UBUNTU-CVE-2025-38617

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...

4.7CVSS6AI score0.00288EPSS
Exploits0References53
Debian CVE
Debian CVE
added 2025/08/22 1:1 p.m.12 views

CVE-2025-38617

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...

4.7CVSS5.6AI score0.00288EPSS
Exploits0
OSV
OSV
added 2025/08/22 1:1 p.m.13 views

CVE-2025-38617 net/packet: fix a race in packet_set_ring() and packet_notifier()

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...

4.7CVSS6.3AI score0.00288EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2022-48839

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/packet: fix slab-out-of-bounds access in packetrecvmsg syzbot found that when an AFPACKET socket is using PACKETCOPYTHRESH and mmap operations, tpacketrcv i...

5.5CVSS6.7AI score0.00257EPSS
Exploits0References2
Rows per page
Query Builder