Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftchainfilter: handling of NETDEVUNREGISTER for inet/ingress basechain Remove netdevice from the inet/ingress basechain in case NETDEVUNREGISTER event is reported; otherwise, a stale reference to netdevice remains in...

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the nftchainvalidate function potentially entering a recursive loop, which may lead to a CPU soft...

Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-150600105 fixes several issues. The following security issues were fixed: CVE-2024-49860: ACPI: sysfs: validate return type of STR method bsc1231862. CVE-2025-38177: schhfsc: make hfscqlennotify idempotent bsc1246356. CVE-2025-38109: net/mlx5: fix ECVF vport...

kernel: netfilter: nf_tables: prefer nft_chain_validate

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection because a cycle will result in a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also follows maps via -validate callback in...

The vulnerability of the nft_chain_filter.c component in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the nftchainfilter.c component in the Linux operating system is related to the disclosure of information. Exploiting this vulnerability could allow a perpetrator to cause a service failure...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfcworkerwakeup bsc1225820. CVE-2024-27397: netfilter: nftables: use timestamp to check for set...

CLSA-2024-1731603213 Fix of 76 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-44946 - kcm: Serialise kcmsendmsg for the same socket. CVE-url: https://ubuntu.com/security/CVE-2024-42292 - kobjectuevent: Fix OOB access within zapmodaliasenv CVE-url: https://ubuntu.com/security/CVE-2024-41042 - netfilter: nftables: prefer...

kernel: netfilter: nf_tables: prefer nft_chain_validate

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection because a cycle will result in a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also follows maps via -validate callback in...

kernel: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain

A vulnerability was found in the Linux kernel's netfilter subsystem, related to the nftchainfilter feature. This issue occurs when a NETDEVUNREGISTER event is reported, which can leave a stale reference to a network device in the ingress basechain. If this issue is not addressed, this stale...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a hit to the stack protection page due to an unbounded recursion that could result from old loop detection...

kernel: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain

A vulnerability was found in the Linux kernel's netfilter subsystem, related to the nftchainfilter feature. This issue occurs when a NETDEVUNREGISTER event is reported, which can leave a stale reference to a network device in the ingress basechain. If this issue is not addressed, this stale...

DEBIAN-CVE-2022-48642

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix percpu memory leak at nftablesaddchain It seems to me that percpu memory for chain stats started leaking since commit 3bc158f8d0330f0a "netfilter: nftables: map basechain priority to hardware priority" wh...

DEBIAN-CVE-2024-26808

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftchainfilter: handle NETDEVUNREGISTER for inet/ingress basechain Remove netdevice from inet/ingress basechain in case NETDEVUNREGISTER event is reported, otherwise a stale reference to netdevice remains in the hook...

UBUNTU-CVE-2024-26808

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftchainfilter: handle NETDEVUNREGISTER for inet/ingress basechain Remove netdevice from inet/ingress basechain in case NETDEVUNREGISTER event is reported, otherwise a stale reference to netdevice remains in the hook...

kernel: nf_tables: use-after-free in nft_chain_lookup_byid()

A use-after-free flaw was found in the Linux kernel's Netfilter module in net/netfilter/nftablesapi.c in nftchainlookupbyid. This flaw allows a local attacker to cause a local privilege escalation issue due to a missing cleanup...

kernel: nf_tables: use-after-free in nft_chain_lookup_byid()

A use-after-free flaw was found in the Linux kernel's Netfilter module in net/netfilter/nftablesapi.c in nftchainlookupbyid. This flaw allows a local attacker to cause a local privilege escalation issue due to a missing cleanup...

kernel: nf_tables: use-after-free in nft_chain_lookup_byid()

A use-after-free flaw was found in the Linux kernel's Netfilter module in net/netfilter/nftablesapi.c in nftchainlookupbyid. This flaw allows a local attacker to cause a local privilege escalation issue due to a missing cleanup...

USN-6260-1: Linux kernel vulnerabilities

It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information kernel memory. CVE-2022-48502...

USN-6247-1 linux-oem-5.17 vulnerabilities

David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. CVE-2022-2663 It was...

USN-6246-1 linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities

It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2023-3090...