SUSE CVE-2010-3848

Stack-based buffer overflow in the econetsendmsg function in net/econet/afeconet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures...

SUSE CVE-2010-3849

The econetsendmsg function in net/econet/afeconet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service NULL pointer dereference and OOPS via a sendmsg call that specifies a NULL value for the remote address field...

SUSE CVE-2010-3904

The rdspagecopyuser function in net/rds/page.c in the Reliable Datagram Sockets RDS protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg syste...

SUSE CVE-2010-4160

Multiple integer overflows in the 1 pppol2tpsendmsg function in net/l2tp/l2tpppp.c, and the 2 l2tpipsendmsg function in net/l2tp/l2tpip.c, in the PPPoL2TP and IPoL2TP implementations in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service heap memory corruption and pani...

SUSE CVE-2011-1173

The econetsendmsg function in net/econet/afeconet.c in the Linux kernel before 2.6.39 on the x8664 platform allows remote attackers to obtain potentially sensitive information from kernel stack memory by reading uninitialized data in the ah field of an Acorn Universal Networking AUN packet...

SUSE CVE-2013-2224

A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux RHEL 6 allows local users to cause a denial of service invalid free operation and system crash or possibly gain privileges via a sendmsg system call with the IPRETOPTS option, as demonstrated by hemlock.c. NOTE: this...

SUSE CVE-2013-3237

The vsockstreamsendmsg function in net/vmwvsock/afvsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

SUSE CVE-2014-3636

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to 1 cause a denial of service prevention of new connections and connection drop by queuing the maximum number of file descriptors or 2 cause a denial of service disconnect via multiple messages that combine to have...

SUSE CVE-2015-7990

Race condition in the rdssendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerabili...

SUSE CVE-2016-3841

The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service use-after-free and system crash via a crafted sendmsg system call...

SUSE CVE-2016-9806

Race condition in the netlinkdump function in net/netlink/afnetlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service double free or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation...

SUSE CVE-2019-8956

In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctpsendmsg" function net/sctp/socket.c when handling SCTPSENDALL flag can be exploited to corrupt memory...

SUSE CVE-2021-3640

A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel together with the call scosocksendmsg with the expected controllable faulting memory page. A privilege...

PT-2025-37659

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where a process waiting for an rxrpc call could be interrupted, leading to subsequent sendmsg calls failing with an EBUSY error until an assignment is...

kernel: use-after-free vulnerability in function sco_sock_sendmsg()

A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel together with the call scosocksendmsg with the expected controllable faulting memory page. A privilege...

PT-2022-35542 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 5.10.141 through 5.10.149 Description: A potential security issue exists due to the handling of zero-sized raw sendmsg in the net/ieee802154 module. The actual impact and attack plausibility have not yet been proven...

PT-2022-35347 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 5.15.65 through 5.15.74 Description: A potential security issue exists due to the handling of zero-sized raw sendmsg in the net/ieee802154 module. The actual impact and attack plausibility have not yet been proven...

PT-2022-35098 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: The issue concerns a potential security vulnerability in the Linux Kernel. It is related to the rejection of zero-sized raw sendmsg in the net/ieee802154 module. The actual impact and attack...

kernel: use-after-free vulnerability in function sco_sock_sendmsg()

A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel together with the call scosocksendmsg with the expected controllable faulting memory page. A privilege...

GSD-2022-1005742 rxrpc: Fix locking in rxrpc's sendmsg

rxrpc: Fix locking in rxrpc's sendmsg This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.140 by commit...