Lucene search
+L

15 matches found

debiancve
debiancve
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53260

In the Linux kernel, the following vulnerability has been resolved: tcp: Add preemptdisable,enablenested in reqskqueuehashreq. syzbot reported a weird reqsk-rskrefcnt underflow in inetcskreqskqueuedrop. The captured reqskput in inetcskreqskqueuedrop is called only when it successfully removes req...

9.8CVSS5.6AI score0.00349EPSS
Exploits0
euvd
euvd
added 2026/06/25 8:39 a.m.7 views

EUVD-2026-39211

In the Linux kernel, the following vulnerability has been resolved: tcp: Add preemptdisable,enablenested in reqskqueuehashreq. syzbot reported a weird reqsk-rskrefcnt underflow in inetcskreqskqueuedrop. The captured reqskput in inetcskreqskqueuedrop is called only when it successfully removes req...

5.7AI score0.00349EPSS
Exploits0References2
cve
cve
added 2026/06/25 8:39 a.m.18 views

CVE-2026-53260

Summary: CVE-2026-53260 relates to the Linux kernel tcp request-socket (reqsk) handling. The issue stems from a potential refcount underflow in __inet_csk_reqsk_queue_drop(), triggered when a reqsk is preempted between mod_timer() and refcount_set() during the queue/hash insertion path, causing t...

9.8CVSS5.7AI score0.00349EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/25 8:39 a.m.33 views

CVE-2026-53260 tcp: Add preempt_{disable,enable}_nested() in reqsk_queue_hash_req().

In the Linux kernel, the following vulnerability has been resolved: tcp: Add preemptdisable,enablenested in reqskqueuehashreq. syzbot reported a weird reqsk-rskrefcnt underflow in inetcskreqskqueuedrop. The captured reqskput in inetcskreqskqueuedrop is called only when it successfully removes req...

9.8CVSS0.00349EPSS
Exploits0References2
osv
osv
added 2026/06/25 8:39 a.m.4 views

CVE-2026-53260 tcp: Add preempt_{disable,enable}_nested() in reqsk_queue_hash_req().

In the Linux kernel, the following vulnerability has been resolved: tcp: Add preemptdisable,enablenested in reqskqueuehashreq. syzbot reported a weird reqsk-rskrefcnt underflow in inetcskreqskqueuedrop. The captured reqskput in inetcskreqskqueuedrop is called only when it successfully removes req...

9.8CVSS5.8AI score0.00349EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.17 views

PT-2026-52355

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the TCP implementation where a reference count underflow can occur in the inet csk reqsk queue drop function, potentially leading to a use-after-free condition. This...

9.8CVSS5.8AI score0.00349EPSS
Exploits0References5
nessus
nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 8 : kernel-4.18.0-553.63.1.el8_10 (AXSA:2025-10602:47)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10602:47 advisory. kernel: tcp/dccp: Don't use timerpending in reqskqueueunlink. CVE-2024-50154 kernel: net: ch9200: fix uninitialised access during miinwayrestart...

7.8CVSS7.2AI score0.00241EPSS
Exploits0References3
osv
osv
added 2025/10/07 9:33 p.m.2 views

SUSE-SU-2025:03482-1 Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122228 fixes several issues. The following security issues were fixed: - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket bsc1243650. - CVE-2024-50154: tcp/dccp: Do not use timerpending in reqskqueueunlink bsc1233072. -...

7.8CVSS7.4AI score0.00246EPSS
Exploits0References9
bdu_fstec
bdu_fstec
added 2025/03/27 12:0 a.m.8 views

The vulnerability of the `reqsk_queue_unlink()` function in the `net/ipv4/inet_connection_sock.c` module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the reqskqueueunlink function in the net/ipv4/inetconnectionsock.c module of the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

7CVSS7.2AI score0.00241EPSS
Exploits0References19Affected Software5
redhat
redhat
added 2025/02/19 1:0 a.m.4 views

kernel: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().

A use-after-free UAF vulnerability was found and fixed in the Linux kernel's TCP subsystem related to request socket reqsk timers during handshake handling. This issue stems from a race condition caused by relying on timerpending in reqskqueueunlink. This could result in the timer continuing to r...

7.8CVSS7.2AI score0.00241EPSS
Exploits0References5
susecve
susecve
added 2024/11/08 3:49 a.m.7 views

SUSE CVE-2024-50154

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a bpf prog attached to tracetcpretransmitsynack. The program passes th...

7CVSS6.1AI score0.00241EPSS
Exploits0References62
osv
osv
added 2024/11/07 10:15 a.m.10 views

AZL-52967 CVE-2024-50154 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a bpf prog attached to tracetcpretransmitsynack. The program passes th...

7CVSS6.7AI score0.00241EPSS
Exploits0References1
osv
osv
added 2024/11/07 10:15 a.m.8 views

AZL-52987 CVE-2024-50154 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a bpf prog attached to tracetcpretransmitsynack. The program passes th...

7CVSS6.7AI score0.00241EPSS
Exploits0References1
osv
osv
added 2024/11/07 10:15 a.m.3 views

DEBIAN-CVE-2024-50154

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a bpf prog attached to tracetcpretransmitsynack. The program passes th...

7CVSS6.2AI score0.00241EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2024/05/28 12:0 a.m.8 views

The vulnerability of the reqsk_queue_alloc() function in the Linux kernel-based TCP protocol implementation allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the reqskqueuealloc function in the net/core/requestsock.c module of the Linux kernel’s TCP protocol implementation is related to deficiencies in the serialization mechanism, leading to competitive access to resources. Exploiting this vulnerability could allow a remote attack...

10CVSS6.5AI score0.00173EPSS
Exploits0References22Affected Software3
Rows per page
Query Builder