60 matches found
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak 1 of 4 bytes. After analysis, it turned out r-idiagexpires is not initialized if inetsctpdiagfill calls inetdiagmsgcommonfill Make sure to clear...
Astra Linux – Vulnerability in Linux
A race condition in Linux kernel SCTP sockets net/sctp/socket.c before version 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If the sctpdestroysock function is called without using the socknetsk-sctp.addrwqlock lock, an element...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989046)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989046 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak 1 of 4 bytes. After...
EUVD-2021-10251
Malware in sbrugna...
EUVD-2015-5262
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414648)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414648 advisory. A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an...
Linux Distros Unpatched Vulnerability : CVE-2021-23133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or...
Linux Distros Unpatched Vulnerability : CVE-2015-5283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sctpinit function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local use...
CVE-2022-48855
A kernel information leak was found in SCTP sockets in the Linux Kernel, where uninitialized memory could be exposed to userspace. This issue occurs in the inetsctpdiagfill function, which fails to initialize certain fields before sending data. Mitigation Mitigation for this issue is either not...
CVE-2022-48855
In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak 1 of 4 bytes. After analysis, it turned out r-idiagexpires is not initialized if inetsctpdiagfill calls inetdiagmsgcommonfill Make sure to clear...
DEBIAN-CVE-2022-48855
In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak 1 of 4 bytes. After analysis, it turned out r-idiagexpires is not initialized if inetsctpdiagfill calls inetdiagmsgcommonfill Make sure to clear...
CVE-2022-48855 sctp: fix kernel-infoleak for SCTP sockets
In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak 1 of 4 bytes. After analysis, it turned out r-idiagexpires is not initialized if inetsctpdiagfill calls inetdiagmsgcommonfill Make sure to clear...
CVE-2022-48855
In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak 1 of 4 bytes. After analysis, it turned out r-idiagexpires is not initialized if inetsctpdiagfill calls inetdiagmsgcommonfill Make sure to clear...
K67416037: Linux kernel vulnerability CVE-2021-23133
Security Advisory Description A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctpdestroysock is called without socknetsk-sctp.addrwqlock then an element is...
SUSE CVE-2021-23133
A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctpdestroysock is called without socknetsk-sctp.addrwqlock then an element is removed from the...
NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2022-0089)
The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple vulnerabilities: - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4putsuper in...
F5 Networks BIG-IP : Linux kernel vulnerability (K67416037)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.8 / 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K67416037 advisory. A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege...
Ubuntu 20.04 LTS : Linux kernel (KVM) vulnerabilities (USN-5000-2)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5000-2 advisory. USN-5000-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS and the Linux HWE kernel for Ubuntu 18.04 LTS. This update provides the...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists due to a race condition in the SCTP sockets net/sctp/socket.c which allows an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPFCGROUPINETSOCKCREATE is...
SUSE-SU-2021:2460-1 Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-12266 fixes one issue. The following security issue was fixed: - CVE-2021-23133: Fixed a race condition in the SCTP sockets that can lead to kernel privilege escalation from the context of a network service or an unprivileged process. bsc1185901...