PT-2025-49635

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to PPP Point-to-Point Protocol transmission. Specifically, the issue arises when associating an skb socket buffer with a device during...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ath9khtcrxmsg not freeing the skb when there is no callback function, which could lead to a memory leak...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from skb reference count contention in sockmap...

CVE-2023-53752

In the Linux kernel, the following vulnerability has been resolved: net: deal with integer overflows in kmallocreserve Blamed commit changed: ptr = kmallocsize; if ptr size = ksizeptr; size = kmallocsizeroundupsize; ptr = kmallocsize; This allowed various crash as reported by syzbot 1 and Kyle...

DEBIAN-CVE-2025-40301

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: validate skb length for unknown CC opcode In hcicmdcompleteevt, if the command complete event has an unknown opcode, we assume the first byte of the remaining skb-data contains the return status. However,...

UBUNTU-CVE-2025-40290

In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number Since commit 30f241fcf52a "xsk: Fix immature cq descriptor production", the descriptor number is stored in skb control block and xskcqsubmitaddrlocked relies on it to put the ume...

PT-2025-49421

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.12+deb14-cloud-amd64 1 Description The Linux kernel contained a flaw in the xsk XDP socket subsystem related to descriptor number handling on completion queues. A commit 30f241fcf52a initially introduced an...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper use of the skb control block, which could lead to null pointer dereferencing...

CVE-2025-40282 Bluetooth: 6lowpan: reset link-local header on ipv6 recv path

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth 6lowpan.c netdev has headerops, so it must set link-local header for RX skb, otherwise things crash, eg. with AFPACKET SOCKRAW Add missing skbresetmacheader...

CVE-2025-40240

In CVE-2025-40240, the Linux kernel SCTP path had a NULL dereference when chunk data buffer was missing. The fix ensures chunk->skb is not dereferenced unless the chunk head indicates a valid skb, by checking frag_list and reordering the replacement of chunk->skb. The outer if() condition g...

CVE-2025-40240 sctp: avoid NULL dereference when chunk data buffer is missing

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...

kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

EUVD-2025-124908

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skbget. It increases the reference counter for that SKB to prevent unexpected freeing by another...

UBUNTU-CVE-2025-40175

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skbget. It increases the reference counter for that SKB to prevent unexpected freeing by another...

UBUNTU-CVE-2025-40176

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tlsstrpmsghold fails Async decryption calls tlsstrpmsghold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with...

CVE-2025-40176 tls: wait for pending async decryptions if tls_strp_msg_hold fails

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tlsstrpmsghold fails Async decryption calls tlsstrpmsghold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with...

CVE-2025-40175

CVE-2025-40175 affects the Linux kernel driver for idpf in PTP timestamping. The issue arises when cloning an SKB (skb_get) to latch a Tx timestamp: the K/U may increment the SKB refcount, and under certain conditions the SKB is assigned but not consumed in PTP flows (e.g., due to a reset during ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from idpf's failure to clean up the remaining SKBs in a PTP stream, which could lead to a memory leak...

kernel: ibmvnic: Don't reference skb after sending to VIOS

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Don't reference skb after sending to VIOS Previously, after successfully flushing the xmit buffer to VIOS, the txbytes stat was incremented by the length of the skb. It is invalid to access the skb memory after sending t...

kernel: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK

In the Linux kernel, the following vulnerability has been resolved: afpacket: fix vlangetprotocoldgram vs MSGPEEK Blamed commit forgot MSGPEEK case, allowing a crash 1 as found by syzbot. Rework vlangetprotocoldgram to not touch skb at all, so that it can be used from many cpus on the same skb. A...