51 matches found
CVE-2025-38622
In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udprcvsegment When sending a packet with virtionethdr to tun device, if the gsotype in virtionethdr is SKBGSOUDP and the gsosize is less than udphdr size, below crash may happen. ------------ cut here...
CVE-2025-38622 net: drop UFO packets in udp_rcv_segment()
In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udprcvsegment When sending a packet with virtionethdr to tun device, if the gsotype in virtionethdr is SKBGSOUDP and the gsosize is less than udphdr size, below crash may happen. ------------ cut here...
CVE-2025-38622 net: drop UFO packets in udp_rcv_segment()
In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udprcvsegment When sending a packet with virtionethdr to tun device, if the gsotype in virtionethdr is SKBGSOUDP and the gsosize is less than udphdr size, below crash may happen. ------------ cut here...
Linux Distros Unpatched Vulnerability : CVE-2024-30161
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly wasm. Earlier and later versions are...
kernel: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb-protocol,data,macheader for outer header in nshgsosegment. syzbot triggered various splats see 0 and links by a crafted GSO packet of VIRTIONETHDRGSOUDP layering the following protocols: ETHP8021AD + ETHPNSH +...
OESA-2025-1594 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: test for not too small csumstart in virtionethdrtoskb syzbot was able to trigger this warning 1, after injecting a malicious packet through afpacket, settin...
The vulnerability of Nomad application orchestrators, related to incorrect processing of network packet headers, allows attackers to escalate their privileges.
The vulnerability of Nomad application orchestrators is related to incorrect processing of network packet headers. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...
The vulnerability of the netdevsim component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the netdevsim component in the Linux operating system’s kernel is related to improper handling of the network packet header in the nsimdevhealthbreakwrite function. Exploiting this vulnerability can allow an attacker to cause a service failure...
Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints CVE-2024-45341 golang: net/http: net/http: sensitive headers incorrectly sent after...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ipvlan not ensuring that the network header is in the linear portion of the skb, which could lead to...
CVE-2024-10604
Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances...
kernel: geneve: make sure to pull inner header in geneve_rx()
In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner header in geneverx syzbot triggered a bug in geneverx 1 Issue is similar to the one I fixed in commit 8d975c15c0cd "ip6tunnel: make sure to pull inner header in ip6tnlrcv" We have to save...
CVE-2024-49947 net: test for not too small csum_start in virtio_net_hdr_to_skb()
In the Linux kernel, the following vulnerability has been resolved: net: test for not too small csumstart in virtionethdrtoskb syzbot was able to trigger this warning 1, after injecting a malicious packet through afpacket, setting skb-csumstart and thus the transport header to an incorrect value...
net: drop bad gso csum_start and offset in virtio_net_hdr
...
PYSEC-2024-260
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches,...
DEBIAN-CVE-2024-41090
In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tapgetuserxdp path, which could cause a corrupted skb to be sent downstack. Even before the skb is...
CVE-2024-35973 geneve: fix header validation in geneve[6]_xmit_skb
In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve6xmitskb syzbot is able to trigger an uninit-value in genevexmit 1 Problem : While most ip tunnel helpers like iptunnelgetdsfield uses skbprotocolskb, true, pskbinetmaypull is only using...
CVE-2024-35973 geneve: fix header validation in geneve[6]_xmit_skb
In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve6xmitskb syzbot is able to trigger an uninit-value in genevexmit 1 Problem : While most ip tunnel helpers like iptunnelgetdsfield uses skbprotocolskb, true, pskbinetmaypull is only using...
CVE-2024-27015
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow...
AZL-40168 CVE-2024-26882 affecting package kernel for versions less than 6.6.29.1-3
In the Linux kernel, the following vulnerability has been resolved: net: iptunnel: make sure to pull inner header in iptunnelrcv Apply the same fix than ones found in : 8d975c15c0cd "ip6tunnel: make sure to pull inner header in ip6tnlrcv" 1ca1ba465e55 "geneve: make sure to pull inner header in...