Lucene search
K

57 matches found

NVD
NVD
added 2026/06/24 8:16 a.m.7 views

CVE-2026-52937

In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tapioctl SIOCGIFHWADDR In the SIOCGIFHWADDR path, tapioctl copies 16 bytes of an uninitialised on-stack struct sockaddrstorage to userspace via ifrhwaddr, but netifgetmacaddress only writes safamily an...

5.5CVSS0.00112EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 8:16 a.m.3 views

UBUNTU-CVE-2026-52937

In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tapioctl SIOCGIFHWADDR In the SIOCGIFHWADDR path, tapioctl copies 16 bytes of an uninitialised on-stack struct sockaddrstorage to userspace via ifrhwaddr, but netifgetmacaddress only writes safamily an...

5.5CVSS5.6AI score0.00112EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.6 views

CVE-2026-52937

In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tapioctl SIOCGIFHWADDR In the SIOCGIFHWADDR path, tapioctl copies 16 bytes of an uninitialised on-stack struct sockaddrstorage to userspace via ifrhwaddr, but netifgetmacaddress only writes safamily an...

5.7AI score0.00112EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/24 7:14 a.m.29 views

CVE-2026-52937

CVE-2026-52937 concerns the Linux kernel where the tap_ioctl() path handling SIOCGIFHWADDR leaks kernel stack contents by copying 16 bytes of an uninitialised sockaddr_storage to userspace. Specifically, netif_get_mac_address() writes only sa_family and dev->addr_len (6 bytes), leaving sa_data...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/24 7:14 a.m.10 views

EUVD-2026-38707

In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tapioctl SIOCGIFHWADDR In the SIOCGIFHWADDR path, tapioctl copies 16 bytes of an uninitialised on-stack struct sockaddrstorage to userspace via ifrhwaddr, but netifgetmacaddress only writes safamily an...

5.8AI score0.00112EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 7:14 a.m.4 views

CVE-2026-52937 tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR

In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tapioctl SIOCGIFHWADDR In the SIOCGIFHWADDR path, tapioctl copies 16 bytes of an uninitialised on-stack struct sockaddrstorage to userspace via ifrhwaddr, but netifgetmacaddress only writes safamily an...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51730

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A stack information leak exists in the tap ioctl function during the SIOCGIFHWADDR path. The function copies 16 bytes of an uninitialized on-stack sockaddr storage structure to userspace...

5.5CVSS6AI score0.00112EPSS
Exploits0References20
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arpreqget. Syzkaller reported an overflow during the write operation in arpreqget. 0 When the ioctlSIOCGARP function is called, arpreqget retrieves a neighbor entry and copies neigh-ha to struct...

5.5CVSS6.5AI score0.00256EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/07 2:18 a.m.14 views

SUSE CVE-2026-43088

In the Linux kernel, the following vulnerability has been resolved: net: afkey: zero aligned sockaddr tail in PFKEY exports PFKEY export paths use pfkeysockaddrsize when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkeysockaddrfill initializes only th...

3.3CVSS5.9AI score0.00122EPSS
Exploits0References17
EUVD
EUVD
added 2026/05/06 12:30 p.m.7 views

EUVD-2026-27586

In the Linux kernel, the following vulnerability has been resolved: net: afkey: zero aligned sockaddr tail in PFKEY exports PFKEY export paths use pfkeysockaddrsize when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkeysockaddrfill initializes only th...

5.9AI score0.00122EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 10:16 a.m.24 views

CVE-2026-43088

In the Linux kernel, the following vulnerability has been resolved: net: afkey: zero aligned sockaddr tail in PFKEY exports PFKEY export paths use pfkeysockaddrsize when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkeysockaddrfill initializes only th...

5.5CVSS0.00122EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/06 7:40 a.m.47 views

CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports

In the Linux kernel, the following vulnerability has been resolved: net: afkey: zero aligned sockaddr tail in PFKEY exports PFKEY export paths use pfkeysockaddrsize when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkeysockaddrfill initializes only th...

0.00122EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:40 a.m.8 views

CVE-2026-43088

In the Linux kernel, the following vulnerability has been resolved: net: afkey: zero aligned sockaddr tail in PFKEY exports PFKEY export paths use pfkeysockaddrsize when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkeysockaddrfill initializes only th...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/06 7:40 a.m.2 views

CVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exports

In the Linux kernel, the following vulnerability has been resolved: net: afkey: zero aligned sockaddr tail in PFKEY exports PFKEY export paths use pfkeysockaddrsize when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkeysockaddrfill initializes only th...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-37398

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the PF KEY export paths where pfkey sockaddr size is used to reserve sockaddr payload space, resulting in IPv6 addresses occupying 32 bytes. However, the pfkey sockadd...

5.5CVSS5.8AI score0.00122EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the last four bytes of the sockaddrin6 structure in the PFKEY export path are not...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/09 3:30 p.m.5 views

EUVD-2026-10335

The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's...

7.5CVSS6AI score0.00468EPSS
Exploits1References2
NVD
NVD
added 2026/03/09 1:15 p.m.6 views

CVE-2026-3038

The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's...

7.5CVSS0.00468EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/09 12:25 p.m.4 views

CVE-2026-3038

The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's...

7.5CVSS6AI score0.00468EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2026/02/26 12:0 a.m.173 views

📄 FreeBSD Routing Socket Input Validation

This proof of concept exploit attempts to test the robustness of the FreeBSD routing socket subsystem by crafting a RTMADD message containing an intentionally oversized sockaddr structure salen greater than the traditional sockaddrstorage limit of 128 bytes...

7.5CVSS5.5AI score0.00468EPSS
Exploits1
Rows per page
Query Builder