137 matches found
CVE-2025-71304
A flaw was found in the Linux kernel's Smack module. A local user with privileges to modify Smack's Domain of Interpretation DOI values could cause a denial of service. By writing a previously used DOI value to /smack/doi, networking for non-ambient labels becomes disabled. This prevents network...
SUSE CVE-2025-71304
In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...
EUVD-2025-209968
In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...
CVE-2025-71304
In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...
UBUNTU-CVE-2025-71304
In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...
CVE-2025-71304
The CVE-2025-71304 entry describes a Linux kernel Smack issue where /smack/doi could accept values that were previously written, causing decommissioned DOIs to linger and the default domain map to be unavailable. This behavior can disable networking for non-ambient labels because existing CIPSO/D...
CVE-2025-71304
In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...
CVE-2025-71304 smack: /smack/doi: accept previously used values
In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...
CVE-2025-71304
smack: /smack/doi: accept previously used values...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from writing values from the /smack/doi module. By writing values that have been previously used, it is...
Linux Distros Unpatched Vulnerability : CVE-2025-71304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient...
PT-2026-43687
In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. cat /smack/doi 3 netlabelctl -p cipso list Configured...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: smack: Fix for a bug where an unprivileged task can create labels. If an unprivileged task is allowed to relabel itself /smack/relabel-self is not empty, it can freely create new labels by writing their names into the...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Smack: TCP/IPv4; fixed incorrect labeling. Currently, Smack mirrors the label of incoming TCP/IPv4 connections. When a connection with label “foo” connects to a connection with label “bar” via TCP/IPv4, “foo” always receives the...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential null pointer use in destroyworkqueue in initcifs error path Dan Carpenter reported a Smack static checker warning: fs/smb/client/cifsfs.c:1981 initcifs error: we previously assumed 'serverclosewq' could be nul...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: LSM: General protection fault in legacyparseparam The usual LSM hook mechanism of “bailing on fail” doesn’t work in cases where a security module may return an error code indicating that it doesn’t recognize an input. In this...
io.github.epi155:promethium-pgp-jdk5 (=0.5-B1), io.github.hWorblehat:nexus3-external-auth-plugin (=0.1.0) +220 more potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk15to18 (>=1.65 <=1.82)
org.bouncycastle:bcpg-jdk15to18 MAVEN version =1.65, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-beta3, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.10.0 and more Source cves: CVE-2026-3505 Source advisory:...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992736)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992736 advisory. In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4...
smack: fix bug: unprivileged task can create labels
...
SUSE CVE-2025-68733
In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself /smack/relabel-self is not empty, it can freely create new labels by writing their names into own /proc/PID/attr/smack/curre...