58 matches found
Remote Code Execution (RCE)
vllm is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper socket binding in the TCPStore and PyNcclPipe services listening on all network interfaces, potentially allowing unauthorized access to control message channels...
Important: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: net/mlx5: Always stop health timer during driver removal CVE-2024-40906 kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unli...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: vsock: Keep the binding until socket destruction CVE-2025-21756 kernel: dm-flakey: Fix memory corruption in optional corruptbiobyte feature CVE-2025-21966 kernel: net: ppp: Add bound...
Important: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
Denial Of Service (DoS)
vLLM is vulnerable to Denial Of Service DoS . The vulnerability is due to improper ZeroMQ socket binding caused by the XPUB socket being bound to all interfaces without access control in multi-node deployments, which allows an attacker to connect to the socket and either receive internal data or...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21756)
"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21756 advisory. - In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket...
SUSE CVE-2022-49863
In the Linux kernel, the following vulnerability has been resolved: can: afcan: fix NULL pointer dereference in canrxregister It causes NULL pointer dereference when testing as following: a use syscallNRsocket, 0x10ul, 3ul, 0 to create netlink socket. b use syscallNRsendmsg, ... to create bond li...
UBUNTU-CVE-2022-49863
In the Linux kernel, the following vulnerability has been resolved: can: afcan: fix NULL pointer dereference in canrxregister It causes NULL pointer dereference when testing as following: a use syscallNRsocket, 0x10ul, 3ul, 0 to create netlink socket. b use syscallNRsendmsg, ... to create bond li...
UBUNTU-CVE-2025-22109
In the Linux kernel, the following vulnerability has been resolved: ax25: Remove broken autobind Binding AX25 socket by using the autobind feature leads to memory leaks in ax25connect and also refcount leaks in ax25release. Memory leak was detected with kmemleak:...
Linux Distros Unpatched Vulnerability : CVE-2025-21756
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes...
SUSE CVE-2025-21792
In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SOBINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SOBINDTODEVICE socket option, a refcount leak will occur in ax25release. Commit 9fd75b66b8f6 "ax25: Fix refcou...
DEBIAN-CVE-2025-21792
In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SOBINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SOBINDTODEVICE socket option, a refcount leak will occur in ax25release. Commit 9fd75b66b8f6 "ax25: Fix refcou...
AZL-59037 CVE-2025-21756 affecting package kernel for versions less than 6.6.82.1-1
In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind and those implicitly bound through autobind during connect. Prevents socket unbinding during a transpo...
CVE-2025-21756
In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind and those implicitly bound through autobind during connect. Prevents socket unbinding during a transpo...
UBUNTU-CVE-2025-21792
In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SOBINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SOBINDTODEVICE socket option, a refcount leak will occur in ax25release. Commit 9fd75b66b8f6 "ax25: Fix refcou...
UBUNTU-CVE-2025-21756
In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind and those implicitly bound through autobind during connect. Prevents socket unbinding during a transpo...
CVE-2025-21756 vsock: Keep the binding until socket destruction
In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind and those implicitly bound through autobind during connect. Prevents socket unbinding during a transpo...
CVE-2025-21756
CVE-2025-21756 affects the Linux kernel vsock subsystem. The issue arises from keeping socket bindings until destruction, preventing correct unbinding during transport reassignment. This leads to a use-after-free in the binding path, observed as a KASAN slab-use-after-free in __vsock_bind and rel...