CVE-2025-68775

CVE-2025-68775 concerns the Linux kernel, specifically the net/handshake cancellation path. The flaw arises when a handshake request is cancelled twice: the first cancellation removes the request from handshake_net->hn_requests but leaves it in handshake_rhashtbl; a second cancellation can cau...

CVE-2025-68775 net/handshake: duplicate handshake cancellations leak socket

In the Linux kernel, the following vulnerability has been resolved: net/handshake: duplicate handshake cancellations leak socket When a handshake request is cancelled it is removed from the handshakenet-hnrequests list, but it is still present in the handshakerhashtbl until it is destroyed. If a...

CVE-2025-68776

CVE-2025-68776 affects the Linux kernel path in net/hsr where prp_get_untagged_frame() uses __pskb_copy() to build frame->skb_std. If __pskb_copy() returns NULL (allocation failure), skb_clone() is called on NULL, causing a crash (general protection fault) as described in the CVE description. ...

CVE-2025-68775 net/handshake: duplicate handshake cancellations leak socket

In the Linux kernel, the following vulnerability has been resolved: net/handshake: duplicate handshake cancellations leak socket When a handshake request is cancelled it is removed from the handshakenet-hnrequests list, but it is still present in the handshakerhashtbl until it is destroyed. If a...

CVE-2025-68776 net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()

In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer dereference in prpgetuntaggedframe prpgetuntaggedframe calls pskbcopy to create frame-skbstd but doesn't check if the allocation failed. If pskbcopy returns NULL, skbclone is called with a NULL pointer,...

CVE-2025-68775

In the Linux kernel, the following vulnerability has been resolved: net/handshake: duplicate handshake cancellations leak socket When a handshake request is cancelled it is removed from the handshakenet-hnrequests list, but it is still present in the handshakerhashtbl until it is destroyed. If a...

CVE-2025-68768

In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs in fqdirpreexit We have been seeing occasional deadlocks on pernetopsrwsem since September in NIPA. The stuck task was usually modprobe often loading a driver like ipvlan, trying to take the lock a...

kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free

A vulnerability was found in isosockkill in net/bluetooth/iso.c in Bluetooth protocol stack in the Linux Kernel. In this flaw if the conn-sk is not set to NULL may lead to UAF on isoconnfree...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from repeated cancel handshake requests leading to socket reference count underflow and disclosure...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to refresh pending skb's in fqdirpreexit, which could lead to a deadlock...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to free the original skb when nroutput returns NULL in the nrsendmsg function, which could lead ...

PT-2026-2545

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.114 Description The Linux kernel contains a flaw within the IPv4 code path in the ip vs get out rt function. This function can call dst link failure without verifying that skb-dev is set, leading to a NULL...

MiracleLinux 9 : kernel-5.14.0-570.58.1.el9_6 (AXSA:2025-11021:85)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11021:85 advisory. kernel: vsock/virtio: Validate length in packet header before skbput CVE-2025-39718 kernel: NFS: Fix filehandle bounds checking in nfsfhtodentry...

PT-2026-3317

Name of the Vulnerable Software and Affected Versions Node.js version 25 Description A flaw in the permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs, such as URLs or socketPa...

MiracleLinux 9 : redis-6.2.17-1.el9_5 (AXSA:2025-9591:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9591:01 advisory. redis: heap overflow in the lua cjson and cmsgpack libraries CVE-2022-24834 redis: possible bypass of Unix socket permissions on startup...

kernel: Linux kernel: SCTP use-after-free due to race condition in sendmsg

A flaw was found in the Linux kernel's SCTP implementation. This vulnerability allows a use-after-free read via a race condition during SCTP message sending...

SUSE-SU-2026:0090-1 Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.97 fixes various security issues The following security issues were fixed: - CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading bsc1251984. - CVE-2025-38257: s390/pkey: prevent overflow in size calculation...

kernel: tls: wait for pending async decryptions if tls_strp_msg_hold fails

A vulnerability was found in tlsdecryptsg in net/tls/tlssw.c in networking subsystem in the Linux Kernel.In this flaw, If it fails to clone of the input skb to hold the reference to the memory it uses may lead a use-after-free...

ROS-20260112-7309

A vulnerability in the llcpsock.c component of the Linux kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of service as well...

ROS-20260112-7345

A vulnerability in the l2capsockrecvcb function in the net/bluetooth/l2capsock.c module of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protected information...