101 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-46132
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: rtnetlink: zero iflavfbroadcast to avoid stack infoleak in rtnlfillvfinfo rtnlfillvfinfo declares struct iflavfbroadcast on the stack without...
CVE-2026-46132
A flaw was found in the Linux kernel's rtnetlink component. The rtnlfillvfinfo function declares a structure on the stack without full initialization. When processing RTMGETLINK requests with a specific attribute, an unprivileged local process can exploit this to read up to 26 bytes of...
CVE-2026-46132
In the Linux kernel, the following vulnerability has been resolved: net: rtnetlink: zero iflavfbroadcast to avoid stack infoleak in rtnlfillvfinfo rtnlfillvfinfo declares struct iflavfbroadcast on the stack without initialisation: struct iflavfbroadcast vfbroadcast; The struct contains a single...
CVE-2026-46132
In the Linux kernel, the following vulnerability has been resolved: net: rtnetlink: zero iflavfbroadcast to avoid stack infoleak in rtnlfillvfinfo rtnlfillvfinfo declares struct iflavfbroadcast on the stack without initialisation: struct iflavfbroadcast vfbroadcast; The struct contains a single...
CVE-2026-46132
CVE-2026-46132 : The Linux kernel vulnerability in net: rtnetlink/vf broadcast handling arises from an uninitialized on-stack vf_broadcast struct in rtnl_fill_vfinfo(). Only the first 6 bytes of the 32-byte field are written on Ethernet SR-IOV NICs, leaving 26 bytes of stack data exposed to users...
PT-2026-44255
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A stack information leak exists in the rtnl fill vfinfo function. The function declares a struct ifla vf broadcast on the stack without initialization. This structure contains a 32-byte...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Make sure to refresh masterdev/mops in rtnlnewlink. While looking at one unrelated syzbot bug, I found that the replay logic in rtnlnewlink could potentially trigger a use-after-free condition. It’s better to clear...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: prevented a NULL dereference in rtnlcreatelink When rtnlcreatelink is running, dev-netdevops is NULL. We must not use netdevlockops, as it may lead to a NULL dereference if CONFIGNETSHAPER is defined. Instead, use...
UBUNTU-CVE-2026-31692
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlinknscapable check for peer netns rtnlnewlink lacks a CAPNETADMIN capability check on the peer network namespace when creating paired devices veth, vxcan, netkit. This allows an unprivileged user with a...
CVE-2026-31692
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlinknscapable check for peer netns rtnlnewlink lacks a CAPNETADMIN capability check on the peer network namespace when creating paired devices veth, vxcan, netkit. This allows an unprivileged user with a...
ROS-20260121-73-0052
A vulnerability in the rtnlvfinfosize function of the net/core/rtnetlink.c component of the Linux kernel is related to incorrect buffer size calculation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993252)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993252 advisory. In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enicsetvfport enicsetvfport assumes that the nl attribu...
EUVD-2023-60143
In the Linux kernel, the following vulnerability has been resolved: netlink: annotate accesses to nlk-cbrunning Both netlinkrecvmsg and netlinknativeseqshow read nlk-cbrunning locklessly. Use READONCE there. Add corresponding WRITEONCE to netlinkdump and netlinkdumpstart syzbot reported: BUG:...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990831)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990831 advisory. In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enicsetvfport enicsetvfport assumes that the nl attribu...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989572)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989572 advisory. In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh masterdev/mops in rtnlnewlink While looking at one unrelated syzb...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987253)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987253 advisory. In the Linux kernel, the following vulnerability has been resolved: rtnetlink: make sure to refresh masterdev/mops in rtnlnewlink While looking at one unrelated syzb...
EUVD-2025-27859
Malicious code in bioql PyPI...
OESA-2025-2120 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: gtp: Destroy device along with udp socket's netns dismantle. gtpnewlink links the device to a list in devnetdev instead of srcnet, where a udp tunnel socket is...
Linux Distros Unpatched Vulnerability : CVE-2025-38150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: afpacket: move notifier's packetdevmc out of rcu critical section Syzkaller reports the...
Linux Distros Unpatched Vulnerability : CVE-2022-48742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rtnetlink: make sure to refresh masterdev/mops in rtnlnewlink While looking at one unrelated syzbot bug, I found the replay logic in rtnlnewlink to potentially...