Lucene search
+L

1208 matches found

astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A use-after-free vulnerability was discovered in the Linux kernel’s netfilter subsystem, specifically in the net/netfilter/nftablesapi.c file. Improper error handling related to NFTMSGNEWRULE allows a dangling pointer to be used within the same transaction, leading to a use-after-free...

7.8CVSS6.6AI score0.00871EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Fixed a potential data race in nftobjtypeget. The function nftunregisterobj can occur concurrently with nftobjtypeget. There is no protection when iterating over the nftablesobjects list in nftobjtypeget...

4.7CVSS6.5AI score0.00197EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: skip end interval element from gc Lazy garbage collection for rbtree during insertions may collect end interval elements that have just been added during these transactions. These elements are skipped, as...

7.8CVSS5.8AI score0.02224EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: clonesetfence only applies to the flushed set Syzbot, using fault injection, triggered a failing memory allocation with GFPKERNEL, resulting in a WARN message: iter.err WARNING: net/netfilter/nftablesapi.c:84...

5.5CVSS5.8AI score0.00135EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetrbtree: Fixed an issue with overlapping expiration walks. The lazy garbage collection during insertion, which should remove entries when the timeout occurs, fails to properly release the remaining part of the...

5.5CVSS5.3AI score0.00146EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.15 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetrbtree: fixed a null dereference issue when inserting elements into the RBTree structure. There is no guarantee that rbprev will not return NULL in nftrbtreegcelem: General protection faults, likely due to an...

5.5CVSS5.9AI score0.00132EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftlimit: avoided a possible division error in nftlimitinit divu64 divides an u64 value by an u32 value. nftlimitinit attempts to divide an u64 value by another u64 value; the appropriate math function div64u64 shou...

5.5CVSS6.1AI score0.00241EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: do not free live element Pablo reported a crash when processing large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: addelem"00000000" timeout 100 ms ... addelem"0000000X"...

5.9CVSS6.3AI score0.01287EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

The nftablesnewset function in net/netfilter/nftablesapi.c in the Linux kernel before version 5.12.13 allows local users to cause a denial of service due to NULL pointer dereferencing and general protection faults, caused by the absence of initialization for nftsetelemexpralloc. A local user can...

5.5CVSS6.3AI score0.00316EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the net/netfilter/nftablesapi.c file within the Linux kernel, up to version 5.18.1, it is possible for a local user who can create user/net namespaces to escalate privileges to root. This occurs because an incorrect NFTSTATEFULEXPR check leads to a use-after-free vulnerability...

7.8CVSS6.5AI score0.02881EPSS
Exploits6References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttproxy: restrict to prerouting hook TPROXY is only allowed during prerouting, but nfttproxy does not check this. This fix resolves a crash null dereference that occurs when using tproxy from, for example, the output...

5.5CVSS6.2AI score0.00159EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: The issue of underflow in the chain reference counter was fixed. The error in adding elements in the set element path causes the reference counter to be decremented twice—once when releasing an element and...

5.8AI score0.00155EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftchainfilter: handling of NETDEVUNREGISTER for the inet/ingress basechain. Remove netdevice from the inet/ingress basechain in case NETDEVUNREGISTER event is reported; otherwise, a stale reference to netdevice remain...

5.5CVSS6.1AI score0.00245EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftct: sanitize layer 3 and 4 protocol numbers in custom expectations - Disallow families other than NFPROTOIPV4,IPV6,INET. - Disallow layer 4 protocols without ports, as the destination port is a mandatory attribut...

7.1CVSS5.8AI score0.00237EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftlimit: Configurations that cause integer overflow are now rejected. Invalid configurations where the internal token counter wraps around are also rejected. This issue only occurs with very, very large requests, such...

5.5CVSS5.5AI score0.00241EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The commit mutex should not be released during the critical section between nftgcseqBegin and nftgcseqEnd. Otherwise, the async GC worker could collect expired objects and obtain the released commit lock with...

5.5CVSS5.8AI score0.00258EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10, Linux

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first gain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw resides within...

5.1CVSS6AI score0.0061EPSS
Exploits0References2
nessus
nessus
added 2026/05/20 12:0 a.m.7 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021636)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021636 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsocket: fix sk refcount leaks We must put 'sk' reference before returning. Tenable...

5.5CVSS5.8AI score0.00217EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/05/12 1:31 p.m.10 views

CVE-2026-43916 pam_authnft: Heap buffer overflow in NETLINK_SOCK_DIAG reply walker

pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...

8.7CVSS5.9AI score0.00263EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/12 12:0 a.m.22 views

PT-2026-46007

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.2 and later Description A desynchronization issue exists in the nft inner parse l2l3 function when processing inner IPv6 packets. While the ipv6 find hdr function correctly calculates the transport header offset by...

9.4CVSS5.3AI score0.00322EPSS
Exploits0
Rows per page
Query Builder