Lucene search
+L

637 matches found

redhat
redhat
added 2026/05/20 1:3 p.m.11 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS5.8AI score0.003EPSS
Exploits0References5
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux

A race condition in Linux kernel SCTP sockets net/sctp/socket.c before version 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If the sctpDestroySock function is called without using the socknetsk-sctp.addrwqlock lock, an element...

7CVSS6.7AI score0.00482EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: s390/iucv: The MSGPEEK flag causes a memory leak in iucvsockdestruct. Passing the MSGPEEK flag to skbrecvdatagram increments the skb refcount skb-users, while iucvsockrecvmsg does not decrement the skb refcount at exit. This...

5.5CVSS6.4AI score0.00217EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: sockmap: Avoid a race condition between sockmapclose and skpsockput. skpsockget will return NULL if the reference count of psock reaches 0, which will happen when the last call to skpsockput is completed. However, skpsockdrop may...

4.7CVSS6.4AI score0.00197EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/handshake: Fix handshakereqdestroytest1 Recently, the handshakereqdestroytest1 test started failing: The expected value of handshakereqdestroytest should be req, but the actual value is 0000000000000000. The correct value...

5.5CVSS6.3AI score0.00225EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: UDP: The flag SOCKRCUFREE was set earlier in the udplibgetport function. The syzkaller triggered a warning 0 in the udpv4earlydemux function. In udpv46earlydemux and sklookup, we do not touch the refcount of the sk object;...

5.5CVSS6.5AI score0.0028EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucvsockclose iucvseverpath is called from process context and from bh context. iucv-path is used as indicator whether somebody else is taking care of severing the path or it is already removed /...

7.8CVSS6.4AI score0.00235EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject unhashed sockets in bpfskassign The semantics for bpfskassign are as follows: c sk = somelookupfunc bpfskassignskb, sk bpfskreleasesk That is, the sk is not consumed by bpfskassign. Therefore, the function must ensure...

5.5CVSS6.2AI score0.00147EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: afunix: Fixed data races related to sk-skshutdown. KCSAN identified a data race involving sk-skshutdown, where functions like unixreleasesock and unixshutdown update the variable under unixstatelock; additionally, unixpoll and...

5.6AI score0.00172EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: sockmap: Added a condresched function in sockhashfree. Several reports of syzbot soft lockups involve sockhashfree. If a map with a large number of buckets is destroyed, we need to yield the CPU when necessary...

5.5CVSS6.4AI score0.00231EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Network: Fixed the issue where data was torn apart when accessing sk-skstamp in sockrecvcmsgs. KCSAN identified a data race in sockrecvcmsgs, where the read access to sk-skstamp requires using READONCE. Bug: KCSAN: Data race i...

6AI score0.00177EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: BPF, sockmap: Do not allow sockmapclose,destroy,unhash to call itself. Proto callback functions in sockmap should never call themselves by design. Protect against bugs like 1 and break out of the recursive loop to avoid a stac...

9.1CVSS6.2AI score0.01219EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

There is a use-after-free vulnerability in the Linux Kernel that can be exploited to achieve local privilege escalation. To exploit this vulnerability, the CONFIGTLS or CONFIGXFRMESPINTCP kernel configuration flags must be set; however, the operation does not require any special privileges. There...

7.8CVSS6.7AI score0.00652EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: gtp: Fixed a use-after-free in gtpencapdestroy. syzkaller reported a use-after-free in gtpencapdestroy. The same process freed “sk” and accessed it illegally. The commit e198987e7dd7 “gtp: fix suspicious RCU usage” added...

6.3AI score0.00195EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: tipc: Wait and exit until all work queues are completed On some hosts, a crash could occur simply by repeating these commands several times: bash modprobe tipc tipc bearer enable media udp name UDP1 localip 127.0.0.1 rmmod tipc T...

5.5CVSS6.1AI score0.00178EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux

A vulnerability was discovered in the Linux kernel, where a reference count leak in the llcpsockconnect function causes a use-after-free condition, which may lead to privilege escalation...

7.8CVSS6.3AI score0.00511EPSS
Exploits1References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: ISO: Fixed issues related to locking and validity checks for isoconn. sk-skstate indicates whether isopisk-conn is valid. Operations that check or update skstate and access conn should hold locksock; otherwise, they...

5.9AI score0.00166EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

The dotlsgetsockopt function in net/tls/tlsmain.c in the Linux kernel, up to version 6.2.6, lacks a locksock call, resulting in a race condition. This can lead to a use-after-free issue or a NULL pointer dereferencing...

7CVSS6.6AI score0.00273EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A data race flaw was discovered in the Linux kernel, between the allocation of the con variable and the setting of con-sock. This issue results in a NULL pointer dereferencing when accessing con-sock-sk in the net/tipc/topsrv.c file within the tipc protocol in the Linux kernel...

4.7CVSS6.6AI score0.00184EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A use-after-free read flaw was discovered in the sockgetsockopt function in net/core/sock.c, due to race conditions involving SOPEERCRED and SOPEERGROUPS functions when used with listen and connect in the Linux kernel. In this flaw, an attacker with user privileges could potentially crash the...

6.8CVSS6.7AI score0.01747EPSS
Exploits1References2
Rows per page
Query Builder