EUVD-2022-55678

DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter content or sidebar which is not properly validated or canonicalized. An attacker c...

SUSE CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

UBUNTU-CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

CVE-2025-40149 tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the use of skdstgetsk-dev by the getnetdevforsock function in non-RCU environments, which could lead to reuse...

kernel: idpf: check error for register_netdev() on init

In the Linux kernel, the following vulnerability has been resolved: idpf: check error for registernetdev on init Current init logic ignores the error code from registernetdev, which will cause WARNON on attempt to unregister it, if there was one, and there is no info for the user that the creatio...

kernel: idpf: check error for register_netdev() on init

In the Linux kernel, the following vulnerability has been resolved: idpf: check error for registernetdev on init Current init logic ignores the error code from registernetdev, which will cause WARNON on attempt to unregister it, if there was one, and there is no info for the user that the creatio...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990051)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990051 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fddi: fix UAF in fzaprobe fp is netdev private data and it cannot be used after freenetdev...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989991)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989991 advisory. In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use-after-free in rtl8712dlfw Syzbot reported use-after-free in rtl8712dlfw...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990114)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990114 advisory. In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emacremove adpt is netdev private data and it cannot be used after...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989412)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989412 advisory. In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939netdevstart: fix UAF for rxkref of j1939priv It will trigger UAF for rxkref of...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988776)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988776 advisory. In the Linux kernel, the following vulnerability has been resolved: net: hamradio: fix memory leak in mkissclose My local syzbot instance hit memory leak in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989541)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989541 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dpaa2-eth: fix use-after-free in dpaa2ethremove Access to netdev after freenetdev will cause...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988897)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988897 advisory. In the Linux kernel, the following vulnerability has been resolved: net: macsec: Fix offload support for NETDEVUNREGISTER event Current macsec netdev notify handler...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990015)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990015 advisory. In the Linux kernel, the following vulnerability has been resolved: tty: synclinkgt: Fix null-pointer-dereference in slgtclean When the driver fails at allochdlcdev,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989119)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989119 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereferencing in smcvlanbytcpsk Coverity reports a possible NULL...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989079)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989079 advisory. In the Linux kernel, the following vulnerability has been resolved: tty: synclinkgt: Fix null-pointer-dereference in slgtclean When the driver fails at allochdlcdev,...