22 matches found
UBUNTU-CVE-2026-23460
In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rosetransmitlink on reconnect syzkaller reported a bug 1, and the reproducer is available at 2. ROSE sockets use four sk-skstate values: TCPCLOSE, TCPLISTEN, TCPSYNSENT, and TCPESTABLISHE...
CVE-2026-23460
In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rosetransmitlink on reconnect syzkaller reported a bug 1, and the reproducer is available at 2. ROSE sockets use four sk-skstate values: TCPCLOSE, TCPLISTEN, TCPSYNSENT, and TCPESTABLISHE...
CVE-2026-23460 net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect
In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rosetransmitlink on reconnect syzkaller reported a bug 1, and the reproducer is available at 2. ROSE sockets use four sk-skstate values: TCPCLOSE, TCPLISTEN, TCPSYNSENT, and TCPESTABLISHE...
CVE-2026-23460
CVE-2026-23460 (Linux kernel) affects the Rose (net/rose) path. The bug occurs when a second connect() is issued while a first connect is in progress (state TCP_SYN_SENT); rose_get_neigh() may return NULL, leaving rose->state ROSE_STATE_1 with neighbour NULL, and on socket close rose_transmit_...
PT-2026-30154
In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rose transmit link on reconnect syzkaller reported a bug 1, and the reproducer is available at 2. ROSE sockets use four sk-sk state values: TCP CLOSE, TCP LISTEN, TCP SYN SENT, and TCP...
EUVD-2011-4825
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-49916
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: rose: Fix NULL pointer dereference in rosesendframe The syzkaller reported an issue: KASAN:...
CVE-2025-39826 net: rose: convert 'use' field to refcount_t
In the Linux kernel, the following vulnerability has been resolved: net: rose: convert 'use' field to refcountt The 'use' field in struct roseneigh is used as a reference counter but lacks atomicity. This can lead to race conditions where a roseneigh structure is freed while still being reference...
CVE-2025-21718
In the Linux kernel, the following vulnerability has been resolved: net: rose: fix timer races against user threads Rose timers only acquire the socket spinlock, without checking if the socket is owned by one user thread. Add a check and rearm the timers if needed. BUG: KASAN: slab-use-after-free...
OESA-2024-1087 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the btsockrecvmsg and btsockioctl functions could lead to a use-after-free on a socket buffer "skb". This flaw allows a local user to cause...
AZL-33344 CVE-2023-51782 affecting package kernel for versions less than 5.15.148.1-1
An issue was discovered in the Linux kernel before 6.6.8. roseioctl in net/rose/afrose.c has a use-after-free because of a roseaccept race condition...
SUSE CVE-2011-1493
Array index error in the roseparsenational function in net/rose/rosesubr.c in the Linux kernel before 2.6.39 allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact by composing FACNATIONALDIGIS data that specifies a large number of...
SUSE CVE-2011-4914
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service out-of-bounds read via...
SUSE CVE-2013-3234
The roserecvmsg function in net/rose/afrose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...
Debian Security Advisory DSA 2389-1 (linux-2.6 - privilege escalation/denial of service/information leak)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-2183Andrea Righi reported an issue in KSM, a memory-saving de-duplication...
UBUNTU-CVE-2013-3234
The roserecvmsg function in net/rose/afrose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...
CVE-2011-4914
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service out-of-bounds read via...
Out-of-bounds
The ROSE protocol implementation in the Linux kernel before 2.6.39 does not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service out-of-bounds read via...
CVE-2011-4914
The CVE-2011-4914 issue affects the Linux kernel ROSE protocol implementation prior to 2.6.39. It arises because data-length values are not verified against the actual data sent, enabling remote attackers to read kernel memory (out-of-bounds read) or cause a denial of service via crafted data to ...
PT-2012-1995 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.39 Description: The issue is related to the ROSE protocol implementation in the Linux kernel, where it fails to verify the consistency of certain data-length values with the amount of data sent. This could...