1874 matches found
CVE-2025-39702 ipv6: sr: Fix MAC comparison to be constant-time
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
CVE-2025-39702
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
CVE-2025-39702
CVE-2025-39702 affects the Linux kernel IPv6 source routing path (ipv6 sr) where MAC comparison was not constant-time, exposing potential timing attacks. The vulnerability is confirmed resolved in the kernel and is documented across multiple advisories (e.g., Debian LTS, Amazon Linux ALAS/* advis...
ipv6: reject malicious packets in ipv6_gso_segment()
...
A Segmentation Fault issue discovered in the ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via a crafted assembly file.
...
bpf: Remove tst_run from lwt_seg6local_prog_ops.
...
net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
...
Linux Distros Unpatched Vulnerability : CVE-2025-38572
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of...
Linux Distros Unpatched Vulnerability : CVE-2023-46331
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in DataSegment::IsValidRange, which leads to a segmentation fault. CVE-2023-46331 Note that Nessus relie...
Linux Distros Unpatched Vulnerability : CVE-2019-20805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment. CVE-2019-20805 Note that Nessus relies on the...
AZL-66599 CVE-2025-38622 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udp_rcv_segment() When sending a packet with virtio_net_hdr to tun device, if the gso_type in virtio_net_hdr is SKB_GSO_UDP and the gso_size is less than udphdr size, below crash may happen. ------------ cut here...
CVE-2025-38622
CVE-2025-38622 — Linux kernel UDP/GSO issue: The vulnerability occurs in the UDP receive path when a packet with virtio_net_hdr using SKB_GSO_UDP and a gso_size smaller than the UDP header can trigger a crash in skb_pull_rcsum, leading to a kernel BUG in net/core/skbuff.c and a local attacker ma...
CVE-2025-38622 net: drop UFO packets in udp_rcv_segment()
In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udp_rcv_segment() When sending a packet with virtio_net_hdr to tun device, if the gso_type in virtio_net_hdr is SKB_GSO_UDP and the gso_size is less than udphdr size, below crash may happen. ------------ cut here...
f2fs: fix to bail out in get_new_segment()
...
UBUNTU-CVE-2025-38572
In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited range. Add...
CVE-2025-38572
In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited range. Add...
CVE-2025-38572
CVE-2025-38572 affects the Linux kernel IPv6 path, where an attacker could craft IPv6 extension headers to overflow skb->transport_header via ipv6_gso_segment() when processing very long headers. The root cause is related to the 16-bit transport header field handling, with a suggested fix addi...
Linux Distros Unpatched Vulnerability : CVE-2014-9090
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment SS...
Malicious code in segment-platform-functional-test (npm)
The package segment-platform-functional-test was found to contain malicious code...