CVE-2026-31507

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SMC module. A local user can exploit this vulnerability by using the tee2 system call to duplicate a splice pipe buffer, leading to a double-free condition. This double-free can result in a use-after-free error and a kern...

kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()

A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...

kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()

A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...

kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()

A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...

CVE-2025-40064

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in pnetfindbasendev. syzbot reported use-after-free of netdevice in pnetfindbasendev, which was called during connect. 0 smcpnetfindismresource fetches skdstgetsk-dev and passes down to pnetfindbasendev,...

EUVD-2025-35068

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix warning in smcrxsplice when calling getpage smcloregisterdmb allocates DMB buffers with kzalloc, which are later passed to getpage in smcrxsplice. Since kmalloc memory is not page-backed, this triggers WARNONONCE in...

PT-2025-46614

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the smc module. The smc clc prfx set function is called during the connect process without proper read-copy update RCU or routing table lock RTNL...

PT-2025-31072

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a type confusion issue within the smc module related to the handling of inet sock structures. Specifically, the issue stemmed from allowing non-INET sockets to...

SUSE CVE-2022-49905

In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible leaked pernet namespace in smcinit In smcinit, registerpernetsubsys&smcnetstatops is called without any error handling. If it fails, registering of &smcnetops won't be reverted. And if smcnlinit fails,...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the net/smc module not properly checking the v2extoffset, eidcnt, and ismgidcnt fields when receiving an offer...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the net/smc module not properly checking the ipareaoffset and ipv6prefixescnt fields when receiving an offer...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a post-release reuse issue with LGR and links in the net/smc module...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a post-release reuse issue with LGR and links in the net/smc module...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from a warning caused by a delayed initialization of closework in the net/smc module...

SUSE CVE-2022-48751

In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue We encountered a crash in smcsetsockopt and it is caused by accessing smc-clcsock after clcsock was released. BUG: kernel NULL pointer dereference, address: 0000000000000020 P...

CVE-2022-48751

In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue We encountered a crash in smcsetsockopt and it is caused by accessing smc-clcsock after clcsock was released. BUG: kernel NULL pointer dereference, address: 0000000000000020 P...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a transitional solution to the net/smc module clcsock contention problem...

CVE-2024-36945

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix neighbour and rtable leak in smcibfindroute In smcibfindroute, the neighbour found by neighlookup and rtable resolved by iprouteoutputflow are not released or put before return. It may cause the refcount leak, so fix...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a neighbor and rtable leak in the net/smc module smcibfindroute...

CVE-2021-47559

A vulnerability was found in the Linux kernel's SMC implementation in the smcvlanbytcpsk function. A potential NULL pointer dereference occurred when handling lower network devices, leading to system crashes and resulting in denial of service. Mitigation Mitigation for this issue is either not...