13 matches found
CVE-2026-23119 bonding: provide a net pointer to __skb_flow_dissect()
In the Linux kernel, the following vulnerability has been resolved: bonding: provide a net pointer to __skb_flow_dissect() After 3cbf4ffba5ee ("net: plumb network namespace into __skb_flow_dissect") we have to provide a net pointer to __skb_flow_dissect(), either via skb->dev, skb->sk, or a user provided pointer. In...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002048)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002048 advisory. The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a sma...
EUVD-2017-5232
Malware in sbrugna...
CVE-2024-35941
REJECTED CVE A use-after-free vulnerability was identified in the Linux kernel's net subsystem, specifically in skbuff handling. The issue arises from an overflow of the skb->network_header (a u16 value), causing skb_network_offset(skb) to return a negative value. This results in the skb_pull function...
CVE-2024-26804 net: ip_tunnel: prevent perpetual headroom growth
In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 Read of size 1 at addr ffff88812fb4000e by task...
CVE-2024-26804
CVE-2024-26804 concerns a Linux kernel vulnerability in the net/ip_tunnel subsystem where headroom could inflate without bound when gre/ipip tunnels route in a cycle. The root cause, as described in the vulnerability report, is that ip_tunnel_xmit can trigger an ever-increasing needed_headroom on...
Oracle Linux 6 : unbreakable enterprise kernel (ELSA-2014-3046)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3046 advisory. - l2tp: fix an unprivileged user to kernel privilege escalation Sasha Levin Orabug: 19229497 CVE-2014-4943 CVE-2014-4943 - ptrace,x86: force IRET path...
Amazon Linux AMI : kernel (ALAS-2013-252)
The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK...
Medium: kernel
Issue Overview: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that us...
Mandriva Linux Security Advisory : kernel (MDVSA-2013:265)
Multiple vulnerabilities have been found and corrected in the Linux kernel: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted...
CVE-2013-4348
The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation...
CVE-2013-4348
CVE-2013-4348 affects the Linux kernel (up to 3.12) via skb_flow_dissect in net/core/flow_dissector.c. A crafted small IHL value in IPIP-encapsulated packets can trigger an infinite loop, enabling remote denial of service. The connected Nessus advisories reproduce the same description for Unity L...
CVE-2013-4348
The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation...