Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the unused skbheaderpointer function in the TCPv4 GSO fragoff check, which results in a direct dereference o...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: The sun4iCan driver’s ndochangemtu function needs to be updated to prevent buffer overflows. Sending a PFPACKET message allows bypassing the CAN driver’s logic and directly reaching the xmit function of the CAN driver. The only...

CVE-2023-4809

In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a...

SUSE CVE-2025-39988

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the...

CVE-2025-39985

In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKE...

UBUNTU-CVE-2025-39985

In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKE...

OESA-2024-2076 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-sk in ipvlanprocessv4,6outbound Raw packet from PFPACKET socket ontop of an IPv6-backed ipvlan device will hit WARNONONCE in skmcloop throug...

kernel: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-sk in ipvlanprocessv4,6outbound Raw packet from PFPACKET socket ontop of an IPv6-backed ipvlan device will hit WARNONONCE in skmcloop through schdirectxmit path. WARNING: CPU: 2 PID: 0 at net/core/sock.c:775...

CVE-2023-4809 pf incorrectly handles multiple IPv6 fragment headers

In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a...