SUSE-SU-2026:21491-1 Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues The following security issues were fixed: - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI bsc1252048. - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting ...

CVE-2025-68241

In the Linux kernel, the following vulnerability has been resolved: ipv4: route: Prevent rtbindexception from rebinding stale fnhe The sit driver's packet transmission path calls: sittunnelxmit - updateorcreatefnhe, which lead to fnheremoveoldest being called to delete entries exceeding...

EUVD-2024-41614

Malicious code in bioql PyPI...

BIT-ENVOY-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clearroutecache is enabled on the provider; 3. header...

CVE-2024-45809

A flaw was found in Envoy. JWT filter will lead to a crash in Envoy when clearing the route cache with remote JWKs in the following cases: 1. Remote JWKs are used, which requires async header processing 2. clearroutecache is enabled on the provider 3. Header operations are enabled in JWT filter,...

CVE-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clearroutecache is enabled on the provider; 3. header...

CVE-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clearroutecache is enabled on the provider; 3. header...

CVE-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clearroutecache is enabled on the provider; 3. header...

CLSA-2024-1725876080 kernel: Fix of 44 CVEs

dmaengine: idxd: Fix possible Use-After-Free in irqprocessworklist CVE-2024-40956 - userfaultfd: fix a race between writeprotect and exitmmap CVE-2021-47461 - netfilter: nftables: use timestamp to check for set element timeout CVE-2024-27397 - x86/sev: Harden VC instruction emulation somewhat...

USN-6726-3 linux-xilinx-zynqmp vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service host domain crash...

USN-6726-2 linux-iot vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service host domain crash...

Important: kernel

Issue Overview: A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. CVE-2023-0590 A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel...

UBUNTU-CVE-2020-14326

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service...

kernel security and bug fix update

2.6.32-431.29.2 - kernel futex: Fix errors in nested key ref-counting Denys Vlasenko 1094457 1094458 CVE-2014-0205 - net vxlan: fix NULL pointer dereference Jiri Benc 1114549 1096351 CVE-2014-3535 2.6.32-431.29.1 - mm hugetlb: ensure hugepage access is denied if hugepages are not supported Gustav...

Fedora 16 : kernel-3.1.6-1.fc16 (2011-17381)

Restore the route cache garbage collector. Recent kernels could fill and exhaust their neighbour cache. Update to latest 3.1.6 stable release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

Red Hat Linux Kernel路由实现多个远程拒绝服务漏洞

BUGTRAQ ID: 37875 CVE ID: CVE-2009-4272 Linux Kernel是开放源码操作系统Linux所使用的内核。 Red Hat版本的Linux Kernel的路由实现中存在两个拒绝服务漏洞。如果攻击者能够通过特制报文导致在路由哈希表中出现大量冲突以触发紧急路由flush，就会触发死锁；其次，如果禁用了内核路由缓存，在路由查询后会留下未初始化的指针，导致内核忙碌。 RedHat Linux 5.x 厂商补丁： RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2010:0046-01）以及相应补丁:...

kernel security and bug fix update

2.6.18-164.11.1.0.1.el5 - xen check to see if hypervisor supports memory reservation change Chuck Anderson orabug 7556514 - Add entropy support to igb John Sobecki orabug 7607479 - nfs convert ENETUNREACH to ENOTCONN orabug 7689332 - NET Add xen pv/bonding netconsole support Tina yang orabug...

Debian Security Advisory DSA 332-1 (kernel-source-2.4.17, kernel-patch-2.4.17-mips)

The remote host is missing an update to kernel-source-2.4.17, kernel-patch-2.4.17-mips announced via advisory DSA 332-1. OpenVAS Vulnerability Test $Id: deb3321.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 332-1 Authors: Thomas Reinke Copyright: Copyrigh...

DSA-442 linux-kernel-2.4.17-s390 - several vulnerabilities

Bulletin has no description...

CVE-2003-0244

The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service CPU consumption via packets with forged source addresses that cause a large number of hash table collisions...