416 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: - rxrpc: Fixed the locking mechanism in rxrpc’s sendmsg function. - Three bugs in the implementation of rxrpc’s sendmsg function have been fixed: 1 The rxrpcnewclientcall function should release the socket lock when returning ...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed a memory leak in tcpbpfsendmsg when skmsg is full. This issue occurs when tcpbpfsendmsg is running with skmsg being full. When skmsgalloc returns an -ENOMEM error, tcpbpfsendmsg enters a waitformemory state...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021640)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021640 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in ipmakeskb KMSAN reported uninit-value access in ipmakeskb 1...
Exploit for Write-what-where Condition in Linux Linux_Kernel
Dirty Frag - kernel Linux critical Vulnerability- CVE-2026-432...
SUSE CVE-2026-43016
In the Linux kernel, the following vulnerability has been resolved: bpf: sockmap: Fix use-after-free of sk-sksocket in skpsockverdictdataready. syzbot reported use-after-free of AFUNIX socket's sk-sksocket in skpsockverdictdataready. 0 In unixstreamsendmsg, the peer socket's -skdataready is calle...
CVE-2026-43244
A flaw was found in the Linux kernel's Kernel Connection Multiplexer KCM module. A local user could trigger an issue where, during partial sendmsg operations, an empty network buffer skb is incorrectly left in the fraglist. A subsequent zero-length write operation can then cause a kernel warning,...
EUVD-2026-27807
In the Linux kernel, the following vulnerability has been resolved: kcm: fix zero-frag skb in fraglist on partial sendmsg error Syzkaller reported a warning in kcmwritemsgs when processing a message with a zero-fragment skb in the fraglist. When kcmsendmsg fills MAXSKBFRAGS fragments in the curre...
CVE-2026-43244
In the Linux kernel, the following vulnerability has been resolved: kcm: fix zero-frag skb in fraglist on partial sendmsg error Syzkaller reported a warning in kcmwritemsgs when processing a message with a zero-fragment skb in the fraglist. When kcmsendmsg fills MAXSKBFRAGS fragments in the curre...
CVE-2026-43244
CVE-2026-43244 affects the Linux kernel KCM (Kernel Connection Multiplexer). The issue arises during partial sendmsg operations: when kcm_sendmsg fills MAX_SKB_FRAGS, it allocates a new skb in frag_list and may copy data; if the copy fails, the new tail skb can have zero frags, leaving an empty e...
CVE-2026-43244
In the Linux kernel, the following vulnerability has been resolved: kcm: fix zero-frag skb in fraglist on partial sendmsg error Syzkaller reported a warning in kcmwritemsgs when processing a message with a zero-fragment skb in the fraglist. When kcmsendmsg fills MAXSKBFRAGS fragments in the curre...
PT-2026-37584
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Kernel Connection Multiplexor KCM where a zero-fragment socket buffer skb can remain in the frag list during a partial sendmsg error. When kcm sendmsg fills the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: kcm: Fixed error handling for SOCKDGRAM in kcmsendmsg. Syzkaller identified a memory leak in kcmsendmsg, and the commit c821a88bd720 "kcm: Fix memory leak in the error path of kcmsendmsg" suppressed this issue by updating...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: kcm: Serializing kcmsendmsg for the same socket. syzkaller reported a Use-After-Free in kcmrelease. 0 The scenario is as follows: 1. Thread A constructs a skb with MSGMORE and sets kcm-seqskb. 2. Thread A continues to construc...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: IB/hfi1: Fixed the off-by-one error in sdma.h’s tx-numdescs. Unfortunately, the commit fd8958efe877 introduced another error, causing the descs array to overflow. This leads to further crashes that can be easily reproduced usi...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: ipv4, ipv6: Fixed the handling of transhdrlen in ip,6appenddata. Including transhdrlen in the packet length is a problem when the packet is partially filled e.g., a sendMSGMORE operation occurred previously when appending to a...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: llc: Makes llcuisendmsg more robust against changes related to bonding. syzbot was able to exploit llcuisendmsg, allocating a skb without sufficient headroom, and then attempting to append 14 bytes of Ethernet header information...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed an issue of signed integer overflow in l2tpip6sendmsg. When len = INTMAX - transhdrlen, the value of ulen = len + transhdrlen will cause an overflow. To address this issue, we can follow the approach used by udpv6 and...
CVE-2026-43043
A flaw was found in the Linux kernel's af-alg subsystem. When the AFALG interface chains a new afalgtsgl structure, it fails to unmark the end of a Scatter/Gather List SGL. This can lead to a NULL pointer dereference during a subsequent sendmsg operation, causing a kernel panic and resulting in a...
CVE-2026-31774
The CVE-2026-31774 issue affects the Linux kernel io_uring/net path. A 32-bit length value (sqe->len) is stored into sr->len (int), allowing values above INT_MAX (e.g., 0xFFFFFFFF) to overflow and propagate through the bundle recv/send path. This can cause a slab-out-of-bounds read in io_bu...
CVE-2026-31608
In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in smbdirectfreesendmsg after smbdirectflushsendlist smbdirectflushsendlist already calls smbdirectfreesendmsg, so we should not call it again after postsendmsg moved it to the batch list...