Lucene search
K

57 matches found

Cvelist
Cvelist
added 2025/10/15 7:56 a.m.38 views

CVE-2025-39987 can: hi311x: populate ndo_change_mtu() to prevent buffer overflow

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKET...

0.0022EPSS
Exploits0References8
CVE
CVE
added 2025/10/15 7:56 a.m.20 views

CVE-2025-39986

CVE-2025-39986 affects the Linux kernel sun4i_can CAN driver. Root cause: sun4i_can did not populate net_device_ops->ndo_change_mtu(), allowing an attacker to set an invalid MTU (e.g., 9999) via ip link and then use PF_PACKET with ETH_P_CANXL to inject frames. The PF_PACKET path only checks sk...

6.6AI score0.00215EPSS
Exploits0References8
CVE
CVE
added 2025/10/15 7:56 a.m.26 views

CVE-2025-39985

In CVE-2025-39985, the Linux kernel’s mcba_usb CAN driver could bypass MTU enforcement via PF_PACKET, allowing a malformed CAN XL frame to reach xmit() and trigger a buffer overflow. The root cause is that mcba_usb does not populate net_device_ops->ndo_change_mtu(), so a user can set an invali...

6.7AI score0.0022EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/10/15 12:0 a.m.6 views

PT-2025-42260

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's mcba usb CAN driver related to handling PF PACKET sockets and CAN XL frames. Specifically, the driver lacks proper MTU validation through the ndo chan...

7.7CVSS7.6AI score0.0022EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/15 12:0 a.m.4 views

PT-2025-42263

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's CAN subsystem, specifically within the etas es58x driver. Sending a PF PACKET can bypass the CAN framework's logic and directly reach the driver's xmi...

7.7CVSS7.6AI score0.00215EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/09/03 3:48 p.m.7 views

kernel: net: fix information leakage in /proc/net/ptype

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

7.1CVSS6.8AI score0.00222EPSS
Exploits0References5
OSV
OSV
added 2024/08/23 11:8 a.m.7 views

OESA-2024-2028 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-sk in ipvlanprocessv4,6outbound Raw packet from PFPACKET socket ontop of an IPv6-backed ipvlan device will hit WARNONONCE in skmcloop throug...

7.8CVSS6.5AI score0.00741EPSS
Exploits1References20
RedHat Linux
RedHat Linux
added 2024/08/15 5:34 a.m.2 views

kernel: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-sk in ipvlanprocessv4,6outbound Raw packet from PFPACKET socket ontop of an IPv6-backed ipvlan device will hit WARNONONCE in skmcloop through schdirectxmit path. WARNING: CPU: 2 PID: 0 at net/core/sock.c:775...

5.5CVSS6.8AI score0.00265EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/08 4:53 a.m.7 views

kernel: net: fix information leakage in /proc/net/ptype

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

7.1CVSS6.8AI score0.00222EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/08 4:44 a.m.3 views

kernel: net: fix information leakage in /proc/net/ptype

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

7.1CVSS6.8AI score0.00222EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/06/22 4:8 a.m.5 views

SUSE CVE-2022-48757

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

5.5CVSS7.5AI score0.00222EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/06/22 3:40 a.m.3 views

SUSE CVE-2024-33621

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-sk in ipvlanprocessv4,6outbound Raw packet from PFPACKET socket ontop of an IPv6-backed ipvlan device will hit WARNONONCE in skmcloop through schdirectxmit path. WARNING: CPU: 2 PID: 0 at net/core/sock.c:775...

5.5CVSS6.7AI score0.00265EPSS
Exploits0References3
OSV
OSV
added 2024/06/21 11:15 a.m.3 views

DEBIAN-CVE-2024-33621

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-sk in ipvlanprocessv4,6outbound Raw packet from PFPACKET socket ontop of an IPv6-backed ipvlan device will hit WARNONONCE in skmcloop through schdirectxmit path. WARNING: CPU: 2 PID: 0 at net/core/sock.c:775...

5.5CVSS5.9AI score0.00265EPSS
Exploits0References1
OSV
OSV
added 2024/06/20 12:15 p.m.4 views

DEBIAN-CVE-2022-48757

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

7.1CVSS5.4AI score0.00222EPSS
Exploits0References1
NVD
NVD
added 2024/06/20 12:15 p.m.20 views

CVE-2022-48757

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

7.1CVSS0.00222EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2024/06/20 11:13 a.m.16 views

CVE-2022-48757 net: fix information leakage in /proc/net/ptype

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

6.4AI score0.00222EPSS
Exploits0References9
Cvelist
Cvelist
added 2024/06/20 11:13 a.m.26 views

CVE-2022-48757 net: fix information leakage in /proc/net/ptype

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

0.00222EPSS
Exploits0References9
CVE
CVE
added 2024/06/20 11:13 a.m.133 views

CVE-2022-48757

In the Linux kernel vulnerability CVE-2022-48757, information leakage occurs in /proc/net/ptype: within one net namespace, a packet socket created without binding to a device can expose the new packet_type to other namespaces by reading /proc/net/ptype. The fix adds a net pointer in packet_type t...

7.1CVSS6.2AI score0.00222EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2024/06/20 11:13 a.m.18 views

CVE-2022-48757 net: fix information leakage in /proc/net/ptype

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

7.1CVSS5.7AI score0.00222EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2024/06/20 12:0 a.m.22 views

CVE-2022-48757

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

7.1CVSS6.3AI score0.00222EPSS
Exploits0References11
Rows per page
Query Builder