15 matches found
CVE-2025-68206
In CVE-2025-68206, the Linux kernel netfilter nft_ct subsystem is fixed by adding a seqadj extension for natted connections. The issue affected FTP traffic (PASV/EPSV modes) where NAT rewrites of FTP control payloads could require adjustments to TCP length and the expected seq/ack_seq, breaking o...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 9 : kernel (RHSA-2024:3306)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3306 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netfilter: nftables: mark set ...
Moderate: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netfilter: nftables: mark set as dead when unbinding anonymous set with timeout CVE-2024-26643 kernel: netfilter: nftables: disallow anonymous set with timeout flag CVE-2024-26642 kernel:...
SUSE CVE-2024-26673
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for...
CVE-2024-26673
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for...
CVE-2024-26673
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for...
CVE-2024-26673 netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for...
CVE-2021-47129
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: skip expectations for confirmed conntrack nft_ct_expect_obj_eval calls nf_ct_ext_add for a confirmed conntrack entry. However, nf_ct_ext_add can only be called for !nf_ct_is_confirmed. 1825.349056 WARNING: CPU: 0 PID: 1279 a...
CVE-2021-47129
CVE-2021-47129 (Linux kernel) : The netfilter nft_ct logic could trigger invalid CT helper usage. Specifically, nft_ct_expect_obj_eval() called nf_ct_ext_add() for a confirmed conntrack entry, but nf_ct_ext_add() only accepts unconfirmed entries, causing an invalid path and warning in nf_conntrac...
CVE-2021-47129 netfilter: nft_ct: skip expectations for confirmed conntrack
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: skip expectations for confirmed conntrack nft_ct_expect_obj_eval calls nf_ct_ext_add for a confirmed conntrack entry. However, nf_ct_ext_add can only be called for !nf_ct_is_confirmed. 1825.349056 WARNING: CPU: 0 PID: 1279 a...
GSD-2021-1000798 netfilter: nft_ct: skip expectations for confirmed conntrack
netfilter: nft_ct: skip expectations for confirmed conntrack This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commit...
UVI-2021-1000798 netfilter: nft_ct: skip expectations for confirmed conntrack
netfilter: nft_ct: skip expectations for confirmed conntrack This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.10 by commit...
UVI-2021-1000767 netfilter: nft_ct: skip expectations for confirmed conntrack
netfilter: nft_ct: skip expectations for confirmed conntrack This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commit...
GSD-2021-1000767 netfilter: nft_ct: skip expectations for confirmed conntrack
netfilter: nft_ct: skip expectations for confirmed conntrack This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commit...