86 matches found
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fixed the issue with rcudereferenceprotected. When destroying all sets, we are either in the pernetexit phase or executing a “destroy all sets” command from user space. The latter was taken into account in...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fixed a potential null-ptr-deref in ip6tablenattableinit. ip6tablenattableinit accesses net-gen-ptrip6tablenatnetops.id, but this function is exposed to user space before the entry is allocated via...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: fixed out-of-bounds access in opsinit The netallocgeneric function is called by netalloc, which does not use any locking mechanisms. It reads maxgenptrs, which is modified under the pernetopsrwsem context. This reading occur...
SUSE CVE-2025-21641
In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: blackhole timeout: avoid using current-nsproxy As mentioned in the previous commit, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
PT-2025-4322 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns the Linux kernel, specifically the mptcp subsystem and its handling of the blackhole timeout via sysctl. The problem arises from using the net structure via current,...
SUSE CVE-2024-42269
In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in ip6tablenattableinit. ip6tablenattableinit accesses net-gen-ptrip6tablenatnetops.id, but the function is exposed to user space before the entry is allocated via...
AZL-47811 CVE-2024-42269 affecting package kernel for versions less than 6.6.47.1-1
In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in ip6tablenattableinit. ip6tablenattableinit accesses net-gen-ptrip6tablenatnetops.id, but the function is exposed to user space before the entry is allocated via...
DEBIAN-CVE-2024-42269
In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in ip6tablenattableinit. ip6tablenattableinit accesses net-gen-ptrip6tablenatnetops.id, but the function is exposed to user space before the entry is allocated via...
DEBIAN-CVE-2024-42270
In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix null-ptr-deref in iptablenattableinit. We had a report that iptables-restore sometimes triggered null-ptr-deref at boot time. 0 The problem is that iptablenattableinit is exposed to user space before the...
AZL-47814 CVE-2024-42270 affecting package kernel for versions less than 6.6.47.1-1
In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix null-ptr-deref in iptablenattableinit. We had a report that iptables-restore sometimes triggered null-ptr-deref at boot time. 0 The problem is that iptablenattableinit is exposed to user space before the...
UBUNTU-CVE-2024-42269
In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in ip6tablenattableinit. ip6tablenattableinit accesses net-gen-ptrip6tablenatnetops.id, but the function is exposed to user space before the entry is allocated via...
UBUNTU-CVE-2024-42270
In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix null-ptr-deref in iptablenattableinit. We had a report that iptables-restore sometimes triggered null-ptr-deref at boot time. 0 The problem is that iptablenattableinit is exposed to user space before the...
SUSE CVE-2024-40993
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix suspicious rcudereferenceprotected When destroying all sets, we are either in pernet exit phase or are executing a "destroy all sets command" from userspace. The latter was taken into account in...
DEBIAN-CVE-2024-40993
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix suspicious rcudereferenceprotected When destroying all sets, we are either in pernet exit phase or are executing a "destroy all sets command" from userspace. The latter was taken into account in...
UBUNTU-CVE-2024-40993
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix suspicious rcudereferenceprotected When destroying all sets, we are either in pernet exit phase or are executing a "destroy all sets command" from userspace. The latter was taken into account in...
UBUNTU-CVE-2024-38612
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6init is wrong in case CONFIGIPV6SEG6LWTUNNEL is not defined. In that case if seg6hmacinit fails, the genlunregisterfamily isn't called. This issue exist since comm...
CVE-2024-36883
In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in opsinit netallocgeneric is called by netalloc, which is called without any locking. It reads maxgenptrs, which is changed under pernetopsrwsem. It is read twice, first to allocate an array, then t...
DEBIAN-CVE-2024-36883
In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in opsinit netallocgeneric is called by netalloc, which is called without any locking. It reads maxgenptrs, which is changed under pernetopsrwsem. It is read twice, first to allocate an array, then t...
UBUNTU-CVE-2024-36883
In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in opsinit netallocgeneric is called by netalloc, which is called without any locking. It reads maxgenptrs, which is changed under pernetopsrwsem. It is read twice, first to allocate an array, then t...
SUSE CVE-2021-47507
In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix nsfd startup race again Commit bd5ae9288d64 "nfsd: register pernet ops last, unregister first" has re-opened rpcpipefsevent race against nfsdnetid registration registerpernetsubsys which has been fixed by commit...