PT-2023-35136 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.91 Description: The issue concerns a potential Spectre v1 gadget in the netlink component. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions pri...

PT-2023-34981 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.9 Description: The issue concerns a potential Spectre v1 gadget in the netlink component. The actual impact and attack plausibility have not yet been proven. It was introduced in version v2.6.15 and fixed i...

PT-2022-34843 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.146 Description: The issue concerns a potential security vulnerability in the netlink component of wireguard, where a variable-sized memcpy on sockaddr could be problematic. The actual impact and attack...

PT-2022-34817 · Wireguard +1 · Wireguard +1

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.71 Description: The issue concerns a potential security vulnerability in the netlink component of WireGuard, related to a variable-sized memcpy on sockaddr. The actual impact and attack plausibility have n...

kernel: Information leak in the RTNETLINK component

The rtnlfillifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...