PT-2025-46904

Name of the Vulnerable Software and Affected Versions Socket Firewall versions prior to 0.15.5 Description Socket Firewall is an HTTP/HTTPS proxy server designed to enforce security policies by blocking dangerous packages. Versions of Socket Firewall prior to 0.15.5 are susceptible to arbitrary...

Siemens SIMATIC S7-1500 Use After Free (CVE-2024-56600)

net: inet6: do not leave a dangling sk pointer in inet6create sockinitdata attaches the allocated sk pointer to the provided sock object. If inet6create fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the soc...

Socket Firewall 代码问题漏洞

Socket Firewall is a firewall software from Socket Open Source. A code issue vulnerability exists in Socket Firewall versions prior to 0.15.5 that stems from the possibility of executing arbitrary code when running in an untrusted project directory, which could lead to bypassing malicious packet...

Siemens SIMATIC S7-1500 Improper Handling of Exceptional Conditions (CVE-2024-53140)

In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - optional kicks off the dumping process - dump - actual dump helper, keeps getti...

CVE-2025-40186

CVE-2025-40186 – Linux kernel (TCP/Fast Open) : The issue occurs in tcp_conn_request() during processing of a TFO socket. If a listener is closed while a TFO request is being handled, inet_csk_reqsk_queue_add() may skip setting reqsk->sk and call inet_child_forget(), which leads to tcp_disconn...

CVE-2025-40183

CVE-2025-40183 reflects a Linux kernel bug in BPF: metadata_dst leak via __bpf_redirect_neigh_v{4,6}. In workloads using Cilium’s BPF egress gateway, vxLAN-decapsulated traffic was routed with bpf_redirect_neigh(), which could leave behind a metadata_dst object attached to the skb and not release...

CVE-2025-60719

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

kernel: vsock/virtio: Validate length in packet header before skb_put()

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skbput When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtiovsockskbrxput. Unfortunately, virtiovsockskbrxput uses the length...

EUVD-2025-124908

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skbget. It increases the reference counter for that SKB to prevent unexpected freeing by another...

EUVD-2025-124934

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

kernel: vsock/virtio: Validate length in packet header before skb_put()

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skbput When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtiovsockskbrxput. Unfortunately, virtiovsockskbrxput uses the length...

kernel: sunrpc: fix client side handling of tls alerts

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...

CVE-2025-40175

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skbget. It increases the reference counter for that SKB to prevent unexpected freeing by another...

CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

UBUNTU-CVE-2025-40175

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skbget. It increases the reference counter for that SKB to prevent unexpected freeing by another...

UBUNTU-CVE-2025-40176

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tlsstrpmsghold fails Async decryption calls tlsstrpmsghold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with...

CVE-2025-40175

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skbget. It increases the reference counter for that SKB to prevent unexpected freeing by another...

CVE-2025-40175

CVE-2025-40175 affects the Linux kernel driver for idpf in PTP timestamping. The issue arises when cloning an SKB (skb_get) to latch a Tx timestamp: the K/U may increment the SKB refcount, and under certain conditions the SKB is assigned but not consumed in PTP flows (e.g., due to a reset during ...

CVE-2025-40175 idpf: cleanup remaining SKBs in PTP flows

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skbget. It increases the reference counter for that SKB to prevent unexpected freeing by another...