14 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mptcp: The issue related to “slab-use-after-free” in inetlookupestablished has been fixed. The lookups in the ehash table are performed without locking, and they rely on SLABTYPESAFEBYRCU to ensure the stability of socket memory...
SUSE CVE-2026-31669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...
DEBIAN-CVE-2026-31669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...
EUVD-2026-25562
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...
CVE-2026-31669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...
CVE-2026-31669
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...
CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...
CVE-2026-31669
The CVE-2026-31669 entry pertains to the Linux kernel MPTCP code. A use-after-free could occur in IPv6 subflow sockets due to premature copying of tcpv6_prot into tcpv6_prot_override during early init, before proto_register(&tcpv6_prot) and its SLAB_TYPESAFE_BY_RCU cache is established. Consequen...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013029)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013029 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bcsp: receive data only if registered Currently, bcsprecv can be called even when the...
EUVD-2025-201637
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bcsp: receive data only if registered Currently, bcsprecv can be called even when the BCSP protocol has not been registered. This leads to a NULL pointer dereference, as shown in the following stack trace: KASAN:...
SubprotocolRegistry accepts empty string as protocol name
Lines of code Vulnerability details Impact The input sanitization statements in SubprotocolRegistry.sol's register function are: function register bool ordered, bool primary, bool active, address nftAddress, string calldata name, uint96 fee external // ... if !ordered || primary || active revert...
Mozilla Firefox Spoofing Vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 63. A remote attacker can exploit the vulnerability to forge the contents of the protocol registration notification bar...
kernel: netns vs proto registration ordering
net/ipv4/ipgre.c in the Linux kernel before 2.6.34, when ipgre is configured as a module, allows remote attackers to cause a denial of service OOPS by sending a packet during module loading...
kernel: netns vs proto registration ordering
The tunnels implementation in the Linux kernel before 2.6.34, when tunnel functionality is configured as a module, allows remote attackers to cause a denial of service OOPS by sending a packet during module loading...