CVE-2026-43244

CVE-2026-43244 affects the Linux kernel KCM (Kernel Connection Multiplexer). The issue arises during partial sendmsg operations: when kcm_sendmsg fills MAX_SKB_FRAGS, it allocates a new skb in frag_list and may copy data; if the copy fails, the new tail skb can have zero frags, leaving an empty e...

PT-2026-37584

In the Linux kernel, the following vulnerability has been resolved: kcm: fix zero-frag skb in frag list on partial sendmsg error Syzkaller reported a warning in kcm write msgs when processing a message with a zero-fragment skb in the frag list. When kcm sendmsg fills MAX SKB FRAGS fragments in th...

CVE-2023-54112

CVE-2023-54112 concerns a Linux kernel memory-leak in the kcm_sendmsg path. The issue arises when copying bytes in kcm_sendmsg(): if an error occurs and execution jumps to the out_error path, last_skb is not updated, causing last_skb to reference an obsolete skb and corrupting the head frag_list,...

CVE-2023-54112 kcm: Fix memory leak in error path of kcm_sendmsg()

In the Linux kernel, the following vulnerability has been resolved: kcm: Fix memory leak in error path of kcmsendmsg syzbot reported a memory leak like below: BUG: memory leak unreferenced object 0xffff88810b088c00 size 240: comm "syz-executor186", pid 5012, jiffies 4294943306 age 13.680s hex dum...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from mishandling of the kcmsendmsg error, which could lead to queue corruption...

PT-2025-49716

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue was identified in the Linux kernel related to error handling within the kcm sendmsg function when dealing with SOCK DGRAM sockets. A memory leak was initially addressed, but a...

EUVD-2025-31838

A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carrie...

UBUNTU-CVE-2025-39931

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Set merge to zero early in afalgsendmsg If an error causes afalgsendmsg to abort, ctx-merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into afalgsendmsg whe...

CVE-2025-39931 crypto: af_alg - Set merge to zero early in af_alg_sendmsg

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Set merge to zero early in afalgsendmsg If an error causes afalgsendmsg to abort, ctx-merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into afalgsendmsg whe...

CVE-2025-39931

The CVE-2025-39931 entry concerns the Linux kernel crypto/af_alg subsystem. The vulnerability occurs in af_alg_sendmsg: if an error causes the call to abort, ctx->merge may contain a garbage value from the previous loop, which can trigger a crash on the next entry into af_alg_sendmsg when atte...

AZL-74757 CVE-2025-39913 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: tcpbpf: Call skmsgfree when tcpbpfsendverdict fails to allocate psock-cork. syzbot reported the splat below. 0 The repro does the following: 1. Load a skmsg prog that calls bpfmsgcorkbytesmsg, corkbytes 2. Attach the prog to a...

CVE-2024-26766 IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx-numdescs off-by-one error Unfortunately the commit fd8958efe877 introduced another error causing the descs array to overflow. This reults in further crashes easily reproducible by sendmsg system call...