CVE-2026-45842

In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...

PT-2026-43676

In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhc init accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhc init is...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ppp: Rejects packets that are claimed to be LCP packets but are actually malformed packets. Since pppasyncencode assumes that the packets are valid LCP packets with codes from 1 to 7 inclusive, add pppcheckpacket to ensure that t...

MiracleLinux 9 : kernel-5.14.0-570.17.1.el9_6 (AXSA:2025-10435:40)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10435:40 advisory. kernel: vsock: Keep the binding until socket destruction CVE-2025-21756 kernel: dm-flakey: Fix memory corruption in optional corruptbiobyte feature...

EUVD-2022-55701

In the Linux kernel, the following vulnerability has been resolved: ppp: associate skb with a device at tx Syzkaller triggered flow dissector warning with the following: r0 = openat$ppp0xffffffffffffff9c, &0x7f0000000000, 0xc0802, 0x0 ioctl$PPPIOCNEWUNITr0, 0xc004743e, &0x7f00000000c0...

EUVD-2023-24998

Malicious code in bioql PyPI...

SUSE CVE-2025-37749

In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on pppsynctxmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing short packets. When...

CVE-2025-39673

In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in pppfillforwardpath pppfillforwardpath has two race conditions: 1. The ppp-channels list can change between listempty and listfirstentry, as ppplock is not held. If the only channel is deleted in...

CVE-2025-39673

Summary (CVE-2025-39673) : The issue is in the Linux kernel’s ppp_fill_forward_path() where two race conditions could occur in the ppp channels handling. The patch uses a lockless RCU approach: test and access the first channel with list_first_or_null_rcu(); modify channel list with RCU-variants ...

CLSA-2024-1731431756 kernel: Fix of 30 CVEs

tty: ngsm: Fix use-after-free in gsmcleanupmux CVE-2024-50073 - drm/amdkfd: amdkfdfreegttmem clear the correct pointer CVE-2024-49991 - ext4: fix timer use-after-free on failed mount CVE-2024-49960 - ext4: avoid use-after-free in ext4extshowleaf CVE-2024-49889 - ext4: fix slab-use-after-free in...

CVE-2024-49946

In the Linux kernel, the following vulnerability has been resolved: ppp: do not assume bh is held in pppchannelbridgeinput Networking receive path is usually handled from BH handler. However, some protocols need to acquire the socket lock, and packets might be stored in the socket backlog is the...

AZL-51242 CVE-2024-50035 affecting package kernel for versions less than 6.6.57.1-1

In the Linux kernel, the following vulnerability has been resolved: ppp: fix pppasyncencode illegal access syzbot reported an issue in pppasyncencode 1 In this case, pppoesendmsg is called with a zero size. Then pppasyncencode is called with an empty skb. BUG: KMSAN: uninit-value in pppasyncencod...

kernel: ppp: reject claimed-as-LCP but actually malformed packets

The vulnerability was found in the Linux kernel's ppp pppgeneric.c driver, in the pppread and pppwrite functions where malformed packets were erroneously identified as LCP packets, leading to potential issues with packet handling. This flaw could potentially lead to system instability...

CLSA-2024-1724774331 kernel: Fix of 11 CVEs

drm/vmwgfx: Fix invalid reads in fence signaled events CVE-2024-36960 - afunix: Fix garbage collector racing against connect CVE-2024-26923 - ipv6: remove maxsize check inline with ipv4 CVE-2023-52340 - aoe: fix the potential use-after-free problem in aoecmdcfgpkts CVE-2023-6270 - smb: client:...

DEBIAN-CVE-2024-41044

In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'pppasyncencode' assumes valid LCP packets with code from 1 to 7 inclusive, add 'pppcheckpacket' to ensure that LCP packet has an actual body beyond PPPLCP header...

kernel: ppp_async: limit MRU to 64K

In the Linux kernel, the following vulnerability has been resolved: pppasync: limit MRU to 64K syzbot triggered a warning 1 in allocpages: WARNONONCEGFPorder MAXPAGEORDER, gfp Willem fixed a similar issue in commit c0a2a1b0d631 "ppp: limit MRU to 64K" Adopt the same sanity check for...

CVE-2023-20819

In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID: ALPS08010003...

SUSE CVE-2013-4076

Buffer overflow in the dissectiphccrtpfh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service application crash via a crafted packet...

SUSE CVE-2017-13029

The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:printccpconfigoptions...

[SECURITY] Fedora 30 Update: ppp-2.4.7-34.fc30

The ppp package contains the PPP Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an ISP Internet Service Provider or other organization over a modem...