Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fixed an issue where a use-after-free occurred in net in reqsktimerhandler. syzkaller reported a warning regarding the netns tracker 0, followed by KASAN, SPLAT 1, and another ref tracker warning 1. syzkaller was unable...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed the use-of-memory issue in nreq in reqsktimerhandler. The referenced commit replaced inetcskreqskqueuedropandput with inetcskreqskqueuedrop and reqskput in reqsktimerhandler. Next, oreq should be passed to reqskput...

MiracleLinux 8 : kernel-4.18.0-553.63.1.el8_10 (AXSA:2025-10602:47)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10602:47 advisory. kernel: tcp/dccp: Don't use timerpending in reqskqueueunlink. CVE-2024-50154 kernel: net: ch9200: fix uninitialised access during miinwayrestart...

SUSE CVE-2025-40186

In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqskfastopenremove in tcpconnrequest. syzbot reported the splat below in tcpconnrequest. 0 If a listener is closed while a TFO socket is being processed in tcpconnrequest, inetcskreqskqueueadd does not set reqsk-...

CVE-2025-40186 tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().

In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqskfastopenremove in tcpconnrequest. syzbot reported the splat below in tcpconnrequest. 0 If a listener is closed while a TFO socket is being processed in tcpconnrequest, inetcskreqskqueueadd does not set reqsk-...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from an incorrect call to reqskfastopenremove in tcpconnrequest, which could result in a reference count underfl...

SUSE SLES15 Security Update : kernel (Live Patch 4 for SLE 15 SP6) (SUSE-SU-2025:03566-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03566-1 advisory. This update for the Linux Kernel 6.4.0-1506002322 fixes several issues. The following security issues were fixed: - CVE-2025-38477: net/sched:...

SUSE-SU-2025:03566-1 Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002322 fixes several issues. The following security issues were fixed: - CVE-2025-38477: net/sched: schqfq: Fix race condition on qfqaggregate bsc1247315. - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket bsc1243650. -...

SUSE-SU-2025:03553-1 Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005580 fixes several issues. The following security issues were fixed: - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket bsc1243650. - CVE-2024-50154: tcp/dccp: Do not use timerpending in reqskqueueunlink bsc1233072. -...

SUSE-SU-2025:03482-1 Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122228 fixes several issues. The following security issues were fixed: - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket bsc1243650. - CVE-2024-50154: tcp/dccp: Do not use timerpending in reqskqueueunlink bsc1233072. -...

PT-2025-46743

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the TCP implementation where calling reqsk fastopen remove within tcp conn request can lead to a use-after-free and a refcount underflow. This occurs...

The vulnerability of the `reqsk_queue_unlink()` function in the `net/ipv4/inet_connection_sock.c` module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the reqskqueueunlink function in the net/ipv4/inetconnectionsock.c module of the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

Linux Distros Unpatched Vulnerability : CVE-2024-26865

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rds: tcp: Fix use-after-free of net in reqsktimerhandler. syzkaller reported a warning of netns tracker 0 followed by KASAN splat 1 and another ref tracker...

kernel: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().

A use-after-free UAF vulnerability was found and fixed in the Linux kernel's TCP subsystem related to request socket reqsk timers during handshake handling. This issue stems from a race condition caused by relying on timerpending in reqskqueueunlink. This could result in the timer continuing to r...

SUSE CVE-2024-53206

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsktimerhandler. The cited commit replaced inetcskreqskqueuedropandput with inetcskreqskqueuedrop and reqskput in reqsktimerhandler. Then, oreq should be passed to reqskput instead of req;...

AZL-55564 CVE-2024-53206 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsktimerhandler. The cited commit replaced inetcskreqskqueuedropandput with inetcskreqskqueuedrop and reqskput in reqsktimerhandler. Then, oreq should be passed to reqskput instead of req;...

DEBIAN-CVE-2024-53206

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsktimerhandler. The cited commit replaced inetcskreqskqueuedropandput with inetcskreqskqueuedrop and reqskput in reqsktimerhandler. Then, oreq should be passed to reqskput instead of req;...

UBUNTU-CVE-2024-53206

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsktimerhandler. The cited commit replaced inetcskreqskqueuedropandput with inetcskreqskqueuedrop and reqskput in reqsktimerhandler. Then, oreq should be passed to reqskput instead of req;...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52524: Fixed possible corruption in nfc/llcp bsc1220927. CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core bsc1232224 CVE-2024-50089:...

SUSE CVE-2024-50154

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a bpf prog attached to tracetcpretransmitsynack. The program passes th...