CVE-2026-23450

CVE-2026-23450 (Linux kernel): The issue stems from a race in the SMC TCP path (net/smc) where, during close of an SMC listen socket, sk_user_data can be NULL or the smc_sock freed, causing a NULL dereference or use-after-free in smc_tcp_syn_recv_sock() when accessed under rcu/protected context. ...

Oracle Linux 10 : kernel (ELSA-2026-2721)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2721 advisory. - nvme-tcp: fix NULL pointer dereferences in nvmettcpbuildpduiovec CKI Backport Bot RHEL-144335 CVE-2026-22998 - smc: Fix use-after-free in...

CVE-2023-53781

CVE-2023-53781 (Linux kernel) : A use-after-free in the TCP timer path when an SMC kernel socket is created and freed; if the parent SMC socket is released with the inner TCP socket not in TCP_CLOSE, inet_csk_destroy_sock() is not called and TCP timers remain active, allowing a use-after-free in ...

kernel: smc: Fix use-after-free in tcp_write_timer_handler()

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcpwritetimerhandler. With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcpwritetimerhandler by kernel TCP sockets. 0 If SMC creates a kernel socket in smccreate, the kernel...

SUSE CVE-2025-40064

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in pnetfindbasendev. syzbot reported use-after-free of netdevice in pnetfindbasendev, which was called during connect. 0 smcpnetfindismresource fetches skdstgetsk-dev and passes down to pnetfindbasendev,...

EUVD-2022-15546

Malicious code in bioql PyPI...

CVE-2025-39857

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix one NULL pointer dereference in smcibissgneedsync BUG: kernel NULL pointer dereference, address: 00000000000002ec PGD 0 P4D 0 Oops: Oops: 0000 1 SMP PTI CPU: 28 UID: 0 PID: 343 Comm: kworker/28:1 Kdump: loaded Tainte...

DEBIAN-CVE-2025-39857

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix one NULL pointer dereference in smcibissgneedsync BUG: kernel NULL pointer dereference, address: 00000000000002ec PGD 0 P4D 0 Oops: Oops: 0000 1 SMP PTI CPU: 28 UID: 0 PID: 343 Comm: kworker/28:1 Kdump: loaded Tainte...

CVE-2023-53382

CVE-2023-53382 affects net/smc in the Linux kernel. The issue occurs during the CLC handshake when the server first tries SMCRv2 and then SMCRv1; if SMCRv2 buffer/RMB setup fails and the code then proceeds to SMCRv1, the connection structure can retain an incorrect link (conn->lnk) while lgr i...

CVE-2025-38734

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix UAF on smcsk after smclistenout BPF CI testing report a UAF issue: 16.446633 BUG: kernel NULL pointer dereference, address: 000000000000003 0 16.447134 PF: supervisor read access in kernel mod e 16.447516 PF:...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52927: netfilter: allow exp not to be removed in nfctfindexpectation bsc1239644. CVE-2024-26708: mptcp: fix inconsistent state on fastopen race...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52927: netfilter: allow exp not to be removed in nfctfindexpectation bsc1239644. CVE-2024-35910: tcp: properly terminate timers for kernel sockets...

SUSE CVE-2022-49060

In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereference in smcpnetfindib devname was called with dev.parent as argument but without to NULL-check it before. Solve this by checking the pointer before the call to devname...

DEBIAN-CVE-2024-49571

In the Linux kernel, the following vulnerability has been resolved: net/smc: check ipareaoffset and ipv6prefixescnt when receiving proposal msg When receiving proposal msg in server, the field ipareaoffset and the field ipv6prefixescnt in proposal msg are from the remote client and can not be ful...

AZL-68541 CVE-2024-49568 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2extoffset/eidcnt/ismgidcnt when receiving proposal msg When receiving proposal msg in server, the fields v2extoffset/ eidcnt/ismgidcnt in proposal msg are from the remote client and can not be fully trusted...

UBUNTU-CVE-2024-57791

In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sockrecvmsg when draining clc data When receiving clc msg, the field length in smcclcmsghdr indicates the length of msg should be received from network and the value should not be fully trusted as i...

UBUNTU-CVE-2024-49568

In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2extoffset/eidcnt/ismgidcnt when receiving proposal msg When receiving proposal msg in server, the fields v2extoffset/ eidcnt/ismgidcnt in proposal msg are from the remote client and can not be fully trusted...

kernel: net/smc: avoid data corruption caused by decline

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...

DEBIAN-CVE-2024-50293

In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in smccreate Thanks to commit 4bbd360a5084 "socket: Print pf-create when it does not clear sock-sk on failure.", syzbot found an issue with AFSMC: smccreate must clear sock-sk on failur...

SUSE CVE-2024-50034

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix lacks of icsksynmss with IPPROTOSMC Eric report a panic on IPPROTOSMC, and give the facts that when INETPROTOSWICSK was set, icsk-icsksyncmss must be set too. Bug: Unable to handle kernel NULL pointer dereference at...