Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the possibility that MHI ulcallback may be called immediately after a skb has queued for transmission, causi...

ALPINE-CVE-2023-46838

Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translate...

kernel: use after free in unix_stream_sendpage

A use-after-free flaw was found in the Linux kernel's afunix component that allows local privilege escalation. The unixstreamsendpage function tries to add data to the last skb in the peer's recv queue without locking the queue. This issue leads to a race condition where the unixstreamsendpage...

kernel: use after free in unix_stream_sendpage

A use-after-free flaw was found in the Linux kernel's afunix component that allows local privilege escalation. The unixstreamsendpage function tries to add data to the last skb in the peer's recv queue without locking the queue. This issue leads to a race condition where the unixstreamsendpage...

CVE-2023-51779

A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the btsockrecvmsg and btsockioctl functions could lead to a use-after-free on a socket buffer "skb". This flaw allows a local user to cause a denial of service condition or potential code execution...

SUSE CVE-2023-6531

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unixstreamreadgeneric on the socket that the SKB is queued on...

kernel: Linux kernel: Local denial of service in skbuff due to improper network buffer handling

A flaw was found in the Linux kernel. A local user with low privileges could trigger a kernel bug by manipulating network packet buffer skbuff operations. Specifically, when a program uses a helper function to read data beyond the allocated buffer in certain Generic Segmentation Offload GSO...

kernel: xfrm: policy: fix metadata dst->dev xmit null pointer dereference

A flaw was found in the XFRM policy support in the Linux kernel. A NULL pointer dereference can be triggered when a socket buffer is transmitted via an XFRM interface due to a missing check, resulting in a denial of service...

kernel: wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()

A flaw was found in the ath9k USB Wi-Fi driver in the Linux kernel. In certain conditions within the ath9khifusbregincb path, a socket buffer skb may be freed prematurely and then freed again on an error path, leading to a use-after-free condition. Additionally, failure to allocate a new skb can...

kernel: Linux kernel: Memory leak in wilc1000 Wi-Fi driver causes Denial of Service

A flaw was found in the Linux kernel's wilc1000 Wi-Fi driver. A local attacker with low privileges could exploit a memory leak in the wilcmacxmit function, which fails to free a socket buffer skb under certain conditions. This resource exhaustion vulnerability can lead to a Denial of Service DoS ...

kernel: mlx5: fix possible ptp queue fifo use-after-free

In the Linux kernel, the following vulnerability has been resolved: mlx5: fix possible ptp queue fifo use-after-free Fifo indexes are not checked during pop operations and it leads to potential use-after-free when poping from empty queue. Such case was possible during re-sync action. WARNONONCE...

kernel: tcp: fix skb_copy_ubufs() vs BIG TCP

In the Linux kernel, the following vulnerability has been resolved: tcp: fix skbcopyubufs vs BIG TCP David Ahern reported crashes in skbcopyubufs caused by TCP tx zerocopy using hugepages, and skb length bigger than 68 KB. skbcopyubufs assumed it could copy all payload using up to MAXSKBFRAGS...

CVE-2023-42754

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before calling ipoptionscompile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAPNETADMIN privileges t...

DEBIAN-CVE-2023-42754

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before calling ipoptionscompile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAPNETADMIN privileges t...

AZL-31271 CVE-2023-42754 affecting package kernel for versions less than 5.15.135.1-2

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before calling ipoptionscompile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAPNETADMIN privileges t...

CVE-2023-42754

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before calling ipoptionscompile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAPNETADMIN privileges t...

CVE-2023-42754

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before calling ipoptionscompile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAPNETADMIN privileges t...

CVE-2023-42754

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before calling ipoptionscompile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAPNETADMIN privileges t...

kernel: ipvlan: out-of-bounds write caused by unclear skb->cb

A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb-cb initialization in ipoptionsecho and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalati...

PT-2025-53189

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a memory leak in the kcm sendmsg function. The issue occurs when an error happens after some bytes have been copied during message sending, leaving the last skb...