1220 matches found
CVE-2026-52995
A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS subsystem. This vulnerability allows a local unprivileged user to disclose sensitive kernel memory. When a user queries connection information through getsockoptSOLRDS, RDSINFOIBCONNECTIONS while an RDS connection is not fully...
EUVD-2026-38863
In the Linux kernel, the following vulnerability has been resolved: net/rds: zero per-item info buffer before handing it to visitors rdsforeachconninfo and rdswalkconnpathinfo both hand a caller-allocated on-stack u64 buffer to a per-connection visitor and then copy the full itemlen bytes back to...
CVE-2026-53077
The vulnerability CVE-2026-53077 affects the Linux kernel RDS/IB code: it restricted usage to the initial network namespace, with the non-initial namespaces not supported and the existing code likely malfunctioning. Multiple advisories note the issue has been resolved/patched (e.g., Debian/Ubuntu...
CVE-2026-53077 net/rds: Restrict use of RDS/IB to the initial network namespace
In the Linux kernel, the following vulnerability has been resolved: net/rds: Restrict use of RDS/IB to the initial network namespace Prevent using RDS/IB in network namespaces other than the initial one. The existing RDS/IB code will not work properly in non-initial network namespaces...
CVE-2026-52995
The CVE-2026-52995 issue affects the Linux kernel’s RDS path: rds_for_each_conn_info() and rds_walk_conn_path_info() pass a caller-allocated on-stack buffer to visitors and then copy item_len bytes back to user space, potentially exposing uninitialized stack data. In particular, rds_ib_conn_info_...
UBUNTU-CVE-2026-52939
In the Linux kernel, the following vulnerability has been resolved: net/rds: fix NULL deref in rdsibsendcqehandler on masked atomic completion rdsibxmitatomic always programs a masked atomic opcode IBWRMASKEDATOMICCMPANDSWP or IBWRMASKEDATOMICFETCHANDADD for every RDS atomic cmsg. But the...
EUVD-2026-38709
In the Linux kernel, the following vulnerability has been resolved: net/rds: fix NULL deref in rdsibsendcqehandler on masked atomic completion rdsibxmitatomic always programs a masked atomic opcode IBWRMASKEDATOMICCMPANDSWP or IBWRMASKEDATOMICFETCHANDADD for every RDS atomic cmsg. But the...
CVE-2026-52939
Linux kernel vulnerability CVE-2026-52939 affects RDS over InfiniBand. A NULL dereference can occur in rds_ib_send_cqe_handler() when handling masked atomic completions, due to rds_ib_send_unmap_op() not covering masked opcodes. The issue occurs because masked atomic opcodes (IB_WR_MASKED_ATOMIC_...
CVE-2026-52939
In the Linux kernel, the following vulnerability has been resolved: net/rds: fix NULL deref in rdsibsendcqehandler on masked atomic completion rdsibxmitatomic always programs a masked atomic opcode IBWRMASKEDATOMICCMPANDSWP or IBWRMASKEDATOMICFETCHANDADD for every RDS atomic cmsg. But the...
Linux Distros Unpatched Vulnerability : CVE-2026-52939
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/rds: fix NULL deref in rdsibsendcqehandler on masked atomic completion rdsibxmitatomic always programs a masked atomic opcode IBWRMASKEDATOMICCMPANDSWP or...
Ubuntu 20.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-8462-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8462-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...
USN-8462-1 linux-oracle-5.15 vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...
USN-8388-2: Linux kernel vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
USN-8388-2 linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A flaw was discovered in the Linux Kernel’s RDS Reliable Datagram Sockets protocol. The rdsrmzerocopycallback function uses listentry on the head of a list, resulting in a type confusion. A local user can trigger this with the rdsmessageput function. This type confusion causes the struct...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: rds: Fixed a possible NULL pointer dereferencing issue. In the rdsrdmacmeventhandlercmn function, if the conn pointer exists before dereferencing it as an argument for rdmasetservicetype, a problem was identified. This issue...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/rds: fixed the warning in rdsconnconnectifdown. If a connection is not established yet, getmr will fail, causing the connection to be initiated after getmr...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fixed an issue where a use-after-free occurred in net in reqsktimerhandler. syzkaller reported a warning regarding the netns tracker 0, followed by KASAN, SPLAT 1, and another ref tracker warning 1. syzkaller was unable...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: rds: Fixed a memory leak in rdsrecvmsg. Syzbot reported a memory leak in rds. The problem occurred when the reference count was not decremented in case of an error. The function rdsrecvmsgstruct socket sock, struct msghdr ms...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/rds: Fixed a circular locking dependency in rdstcptune syzbot reported a circular locking dependency in rdstcptune, where sknetrefcntupgrade is called while holding the socket lock:...