Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: It is necessary to check that sock is valid before assigning it to iscsisetparam. The validity of sock should be checked before assigning it to prevent incorrect values. The change introduced in commit 57569c37f0a...

SUSE-SU-2026:21221-1 Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues The following security issues were fixed: - CVE-2025-40159: xsk: Harden userspace-supplied xdpdesc validation bsc1253404. - CVE-2025-71120: SUNRPC: svcauthgss: avoid NULL deref on zero length gsstoken...

UBUNTU-CVE-2023-53464

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Check that sock is valid before iscsisetparam The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad "scsi: iscsi: iscsitcp: Fix null-ptr-deref while calling...

CVE-2023-53464 scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Check that sock is valid before iscsisetparam The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad "scsi: iscsi: iscsitcp: Fix null-ptr-deref while calling...

PT-2025-40171

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s SCSI subsystem, specifically within the iscsi tcp component. The issue stems from a missing validation check for the sock variable before it is assign...

DEBIAN-CVE-2025-38147

In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso functions for AFINET sk. syzkaller reported a null-ptr-deref in txoptget. 0 The offset 0x70 was of struct ipv6txoptions in struct ipv6pinfo, so struct ipv6pinfo was NULL there. However, this never...

PT-2022-9952 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue arises from improper validation of a socket state when socket events are being sent to clients, potentially leading to invalid access of memory. This affects various...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization. Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization. Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1...

PT-2019-1405 · Canonical · Snapd +1

Name of the Vulnerable Software and Affected Versions: Canonical snapd versions prior to 2.37.1 Description: The issue is related to insufficient access control in the snapd utility, which can be exploited to elevate privileges using a specially crafted file. This allows an attacker to run...