159 matches found
EUVD-2026-39274
In the Linux kernel, the following vulnerability has been resolved: mptcp: allow subflow rcv wnd to shrink In MPTCP connection, the window field in the TCP header refers to the MPTCP-level rcvnxt and it's right edge should not move backward. Such constraint is enforced at DSS option generation...
Astra Linux – Vulnerability in Twisted
Twisted is an event-based framework for internet applications, compatible with Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, potentially leading to information disclosure. This vulnerability has been fixed in 24.7.0rc1...
FreeBSD Security Advisory - FreeBSD-SA-26:31.arm64
FreeBSD Security Advisory - Some Arm CPUs have errata where the ordering of stores and the TLBI+DSB sequence may be incorrect. If one CPU stores to a virtual address while another CPU invalidates the translation for that address, the second CPU's TLBI+DSB may complete before the first CPU's store...
Linux Distros Unpatched Vulnerability : CVE-2026-45889
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when...
SUSE CVE-2026-45889
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...
EUVD-2026-32355
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...
CVE-2026-45889
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...
UBUNTU-CVE-2026-45889
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...
CVE-2026-45889 mptcp: do not account for OoO in mptcp_rcvbuf_grow()
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...
CVE-2026-45889
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...
CVE-2026-45889
Summary: CVE-2026-45889 affects the Linux kernel’s Multipath TCP (MPTCP). The root cause is incorrect accounting for Out-of-Order (OoO) data in mptcp_rcvbuf_grow(), causing the MPTCP receive buffer to drift toward tcp_rmem[2]. The vulnerability is linked to a subtle race during rcvspace initializ...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect processing of out-of-order data during the mptcp receive buffer expansion. This can...
CVE-2026-45889
mptcp: do not account for OoO in mptcprcvbufgrow...
PT-2026-43756
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Multipath TCP MPTCP implementation where accounting for Out-of-Order OoO packets in the mptcp rcvbuf grow function causes the receive buffer to drift toward tcp...
CVE-2026-44600
A flaw was found in Tor. This vulnerability occurs due to mishandling of the conflux out-of-order queue accounting during queue clearing. A remote attacker with high attack complexity could exploit this flaw, leading to a denial of service...
SUSE CVE-2026-44600
Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010...
SUSE CVE-2026-44602
Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006...
CVE-2026-44602
Tor before 0.4.9.7 is affected by a NULL pointer dereference when a CERT cell is received out of order (TROVE-2026-006). This can lead to a denial of service, rendering the Tor service unavailable to legitimate users. The issue is triggered remotely via crafted CERT cells; sources in Red Hat and ...
EUVD-2026-28304
Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006...
CVE-2026-44602
Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006...