21 matches found
kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a cloned skb whose cb[] was written by the IPv6 receive path as struct inet6_skb_parm. icmp_send() passes IPCB(skb2) to...
Linux Distros Unpatched Vulnerability : CVE-2026-43037
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ip6_tunnel: clear skb2->cb[] in ip4ip6_err() Oskar Kjos reported the following problem. ip4ip6_err() calls icmp_send() on a cloned skb whose cb[] was written by the IPv6 recei...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006738)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006738 advisory. In the Linux kernel, the following vulnerability has been resolved: ip_vti: fix potential slab-use-after-free in decode_session6 When ip_vti device is set to the qdisc ...
AZL-78449 CVE-2026-22977 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: net: sock: fix hardened usercopy panic in sock_recv_errqueue skbuff_fclone_cache was created without defining a usercopy region, [1] unlike skbuff_head_cache which properly whitelists the cb[] field. [2] This causes a usercopy BUG when...
CVE-2026-22977
In the Linux kernel, the following vulnerability has been resolved: net: sock: fix hardened usercopy panic in sock_recv_errqueue skbuff_fclone_cache was created without defining a usercopy region, [1] unlike skbuff_head_cache which properly whitelists the cb[] field. [2] This causes a usercopy BUG when...
CVE-2023-53821 ip6_vti: fix slab-use-after-free in decode_session6
In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix slab-use-after-free in decode_session6 When ipv6_vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipv6_vti device sen...
EUVD-2023-60049
Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2022-49017
CVE-2022-49017 (Linux kernel) : A use-after-free in Tipc processing was mitigated by re-fetching the skb control block from the newly allocated skb after tipc_msg_validate(), preventing dereferencing a freed skb. The issue manifested as a KASAN use-after-free in tipc_crypto_rcv_complete and relat...
CVE-2022-49017 tipc: re-fetch skb cb after tipc_msg_validate
In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetch skb cb after tipc_msg_validate As the call trace shows, the original skb was freed in tipc_msg_validate, and dereferencing the old skb cb would cause a use-after-free crash. BUG: KASAN: use-after-free in...
DEBIAN-CVE-2023-52701
In the Linux kernel, the following vulnerability has been resolved: net: use a bounce buffer for copying skb->mark syzbot found arm64 builds would crash in sock_recv_mark when CONFIG_HARDENED_USERCOPY=y x86 and powerpc are not detecting the issue because they define user_access_begin. This will be handl...
CVE-2023-52701
The CVE-2023-52701 entry concerns Linux kernel net handling: copying skb marks and skb_cb data led to a memory exposure via usercopy checks, observed as a kernel crash on arm64 when CONFIG_HARDENED_USERCOPY=y. Root cause: copying data from skb->cb[] and skb->mark can bypass size checks; pat...
CVE-2023-52701 net: use a bounce buffer for copying skb->mark
In the Linux kernel, the following vulnerability has been resolved: net: use a bounce buffer for copying skb->mark syzbot found arm64 builds would crash in sock_recv_mark when CONFIG_HARDENED_USERCOPY=y x86 and powerpc are not detecting the issue because they define user_access_begin. This will be handl...
CVE-2021-47014 net/sched: act_ct: fix wild memory access when clearing fragments
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix wild memory access when clearing fragments while testing re-assembly/re-fragmentation using act_ct, it's possible to observe a crash like the following one: KASAN: maybe wild-memory-access in range...
Important: kernel-livepatch-6.1.25-37.47
Issue Overview: A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of...
kernel: ipvlan: out-of-bounds write caused by unclear skb->cb
A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in ip_options_echo and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalati...
RHEL 8 : kernel (RHSA-2023:4815)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4815 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipvlan: out-of-bounds write...
RHEL 8 : kernel-rt (RHSA-2023:4817)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4817 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
Important: kernel-livepatch-4.14.314-238.539
Issue Overview: A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLA...
GSD-2023-1000247 tipc: re-fetch skb cb after tipc_msg_validate
tipc: re-fetch skb cb after tipc_msg_validate This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.158 by commit...
GSD-2023-1000176 tipc: re-fetch skb cb after tipc_msg_validate
tipc: re-fetch skb cb after tipc_msg_validate This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.82 by commit...