48 matches found
CVE-2026-53349
CVE-2026-53349 concerns the Linux kernel netfilter nf_conntrack component where a stale exp->expectfn pointer can survive module removal (e.g., nf_nat_h323) and be invoked later, causing a crash (Oops) in init_conntrack when a connection arrives. The fix adds nf_ct_helper_expectfn_destroy() to...
CVE-2026-53349
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrack: destroy stale expectfn expectations on unregister NAT helpers such as nfnath323 store a raw pointer to module text in exp-expectfn e.g. ipnatq931expect. nfcthelperexpectfnunregister only unlinks the callba...
SUSE-SU-2026:22458-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-38472, CVE-2025-38527, CVE-2025-38718, CVE-2025-39682, CVE-2025-39698 Vulnerability Details CVEID:CVE-2025-38472 DESCRIPTION: In the Linux kernel, the following...
ROS-20260313-73-0040
A vulnerability in the nfconntrackfindget function of the Netfilter component of the Linux kernel is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2026-23016
In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in nfconntrackcleanupnetlist to make debugging leaked skbs/conntrack references more obvious. syzbot reports this as triggering, and I can also reproduce this...
CLSA-2025-1760546935 kernel: Fix of 43 CVEs
locking/wwmutex/test: Fix potential workqueue corruption CVE-2023-52836 - netfilter: ipset: Fix suspicious rcudereferenceprotected CVE-2024-40993 - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type CVE-2024-39503 - netfilter: ipset: Missing gc cancellations fixed...
RLSA-2025:16880 Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netfilter: nfconntrack: fix crash due to removal of uninitialised entry CVE-2025-38472 kernel: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 kernel: sctp: linearize...
AlmaLinux 10 : kernel (ALSA-2025:15005)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:15005 advisory. kernel: udp: Fix memory accounting leak. CVE-2025-22058 kernel: netsched: hfsc: Fix a potential UAF in hfscdequeue too CVE-2025-37823 kernel: ext4: only...
EUVD-2007-1491
Malware in sbrugna...
EUVD-2021-24667
Malware in sbrugna...
EUVD-2023-59682
Malicious code in bioql PyPI...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netfilter: nfconntrack: fix crash due to removal of uninitialised entry CVE-2025-38472 kernel: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 kernel: sctp: linearize...
CVE-2025-38472 netfilter: nf_conntrack: fix crash due to removal of uninitialised entry
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrack: fix crash due to removal of uninitialised entry A crash in conntrack was reported while trying to unlink the conntrack entry from the hash bucket list: exception RIP: nfctdeletefromlists+172 .. 7...
CVE-2025-38472
In CVE-2025-38472, the issue is in the Linux kernel nf_conntrack path (netfilter) where a race during removal of a conntrack entry can result in a crash when unlinking from the hash bucket list. The crash is linked to a partially initialised nf_conn struct and mis-handling of the conntrack entry’...
CVE-2023-52927
In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nfctfindexpectation Currently nfconntrackin calling nfctfindexpectation will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the...
CVE-2022-48974 netfilter: conntrack: fix using __this_cpu_add in preemptible
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: fix using thiscpuadd in preemptible Currently in nfconntrackhashcheckinsert, when it fails in nfctextvalidpre/post, NFCTSTATINC will be called in the preemptible context, a call trace can be triggered: BUG:...
CVE-2021-47174
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapoavx2: Add irqfpuusable check, fallback to non-AVX2 version Arturo reported this backtrace: 709732.358791 WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernelfpubeginmask+0xae/0xe0 709732.358793...
CVE-2021-47129
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: skip expectations for confirmed conntrack nftctexpectobjeval calls nfctextadd for a confirmed conntrack entry. However, nfctextadd can only be called for !nfctisconfirmed. 1825.349056 WARNING: CPU: 0 PID: 1279 a...
CVE-2021-47129 netfilter: nft_ct: skip expectations for confirmed conntrack
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: skip expectations for confirmed conntrack nftctexpectobjeval calls nfctextadd for a confirmed conntrack entry. However, nfctextadd can only be called for !nfctisconfirmed. 1825.349056 WARNING: CPU: 0 PID: 1279 a...