20 matches found
SUSE CVE-2026-45842
In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...
CVE-2026-45842
In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...
UBUNTU-CVE-2026-45842
In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...
CVE-2026-45843 slip: bound decode() reads against the compressed packet length
In the Linux kernel, the following vulnerability has been resolved: slip: bound decode reads against the compressed packet length slhcuncompress parses a VJ-compressed TCP header by advancing a pointer through the packet via decode and pull16. Neither helper bounds-checks against isize, and decod...
CVE-2026-45843
In the Linux kernel, the following vulnerability has been resolved: slip: bound decode reads against the compressed packet length slhcuncompress parses a VJ-compressed TCP header by advancing a pointer through the packet via decode and pull16. Neither helper bounds-checks against isize, and decod...
CVE-2026-45843
CVE-2026-45843 affects the Linux kernel’s SLIP/VJ-compressed TCP header handling (slip and slhc_uncompress). The vulnerability stems from decode() and pull16() not enforcing bounds against the packet end, and decode() masking its return value to 0xFFFF, causing potential over-reads when a compres...
CVE-2026-45842
The CVE-2026-45842 issue affects the Linux kernel’s SLIP/Slip+PPP path. When rslots == 0 (no receive compression), comp->rstate remains NULL and rslot_limit becomes 0, but the receive helpers do not guard against this. As a result, slhc_uncompress() can dereference comp->rstate[x] and slhc_...
CVE-2026-45842
In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhcinit accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhcinit is...
CVE-2026-45842
slip: reject VJ receive packets on instances with no rstate array...
PT-2026-43676
In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhc init accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slhc init is...
CVE-2026-45843
slip: bound decode reads against the compressed packet length...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerabilities have been resolved: Slip: Make slhcremember more robust against malicious packets. syzbot found that slhcremember lacked checks against malicious packets 1. slhcremember only checks that the packet’s size is at least 20 bytes, which is...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005149)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005149 advisory. In the Linux kernel, the following vulnerability has been resolved: slip: make slhcremember more robust against malicious packets syzbot found that slhcremember was...
kernel: slip: make slhc_remember() more robust against malicious packets
In the Linux kernel, the following vulnerability has been resolved: slip: make slhcremember more robust against malicious packets syzbot found that slhcremember was missing checks against malicious packets 1. slhcremember only checked the size of the packet was at least 20, which is not good...
CLSA-2024-1731431756 kernel: Fix of 30 CVEs
tty: ngsm: Fix use-after-free in gsmcleanupmux CVE-2024-50073 - drm/amdkfd: amdkfdfreegttmem clear the correct pointer CVE-2024-49991 - ext4: fix timer use-after-free on failed mount CVE-2024-49960 - ext4: avoid use-after-free in ext4extshowleaf CVE-2024-49889 - ext4: fix slab-use-after-free in...
slip: make slhc_remember() more robust against malicious packets
...
SUSE CVE-2024-50033
In the Linux kernel, the following vulnerability has been resolved: slip: make slhcremember more robust against malicious packets syzbot found that slhcremember was missing checks against malicious packets 1. slhcremember only checked the size of the packet was at least 20, which is not good...
DEBIAN-CVE-2024-50033
In the Linux kernel, the following vulnerability has been resolved: slip: make slhcremember more robust against malicious packets syzbot found that slhcremember was missing checks against malicious packets 1. slhcremember only checked the size of the packet was at least 20, which is not good...
AZL-51228 CVE-2024-50033 affecting package kernel for versions less than 6.6.57.1-1
In the Linux kernel, the following vulnerability has been resolved: slip: make slhcremember more robust against malicious packets syzbot found that slhcremember was missing checks against malicious packets 1. slhcremember only checked the size of the packet was at least 20, which is not good...
UBUNTU-CVE-2024-50033
In the Linux kernel, the following vulnerability has been resolved: slip: make slhcremember more robust against malicious packets syzbot found that slhcremember was missing checks against malicious packets 1. slhcremember only checked the size of the packet was at least 20, which is not good...