469 matches found
CVE-2023-53304 netfilter: nft_set_rbtree: fix overlap expiration walk
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: fix overlap expiration walk The lazy gc on insert that should remove timed-out entries fails to release the other half of the interval, if any. Can be reproduced with...
CVE-2023-53304
CVE-2023-53304 concerns the Linux kernel netfilter nft_set_rbtree code. The advisory describes three concrete issues resolved by patching: 1) a lazy garbage-collection on insert that may fail to release the other half of an interval, impacting interval timing expiration walks; 2) incorrect use of...
Linux Distros Unpatched Vulnerability : CVE-2022-1016
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel in net/netfilter/nftablescore.c:nftdochain, which can cause a use-after-free. This issue needs to handle 'return' with prop...
Linux Distros Unpatched Vulnerability : CVE-2021-46992
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nfthashbuckets Number of buckets being stored in 32b...
Linux Distros Unpatched Vulnerability : CVE-2021-47546
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6rulesuppress The kernel leaks memory when a fib rule is present...
Linux Distros Unpatched Vulnerability : CVE-2024-6284
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended...
Linux Distros Unpatched Vulnerability : CVE-2025-52889
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rul...
Linux Distros Unpatched Vulnerability : CVE-2021-46996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Fix a memleak from userdata error path in new objects Release object na...
Linux Distros Unpatched Vulnerability : CVE-2023-35001
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nftbyteorder poorly handled vm register contents when CAPNETADMIN is in any user or network...
Linux Distros Unpatched Vulnerability : CVE-2025-52890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rul...
GO-2025-3782 Incus creates nftables rules that partially bypass security options in github.com/lxc/incus
Incus creates nftables rules that partially bypass security options in github.com/lxc/incus...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-50085: dm raid: fix address sanitizer warning in raidresume bsc1245147. CVE-2022-50087: firmware: armscpi: Ensure scpiinfo is not assigned if the probe fai...
SUSE-SU-2025:2264-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47557: net/sched: schets: do not peek at classes beyond 'nbands' bsc1207361 bsc1225468. - CVE-2021-47595: net/sched: schets: do not remove idle classes from...
Security Filter Bypass
github.com/lxc/incus is vulnerable to security filter bypass. The vulnerability is due to incorrect generation of nftables rules when applying ACLs on devices connected to a bridge, which allows ARP spoofing and full spoofing of another VM/container on the same bridge...
SUSE CVE-2025-52889
Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services DHCP, DNS... that partially bypass security options security.macfiltering, security.ipv4filtering and...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the nftables rule generation process. An attacker can gain unauthorized access to network traffic and impersonate other virtual machines or containers by exploiting the partial bypass of security filtering...
Incus creates nftables rules that partially bypass security options
Summary When using an ACL on a device connected to a bridge, Incus generates nftables rules that partially bypass security options security.macfiltering, security.ipv4filtering and security.ipv6filtering. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the...
GHSA-P7FW-VJJM-2RWP Incus creates nftables rules that partially bypass security options
Summary When using an ACL on a device connected to a bridge, Incus generates nftables rules that partially bypass security options security.macfiltering, security.ipv4filtering and security.ipv6filtering. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the nftables rule generation process. An attacker can gain unauthorized access to network traffic and impersonate other virtual machines or containers by exploiting the partial bypass of security filtering...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the improper enforcement of resource limits in the nftables rules generation process for managed bridge networks. An attacker can exhaust the DHCP pool and disrupt network...