12383 matches found
UBUNTU-CVE-2023-53643
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: don't access released socket during error recovery While the error recovery work is temporarily failing reconnect attempts, running the 'nvme list' command causes a kernel NULL pointer dereference by calling getsockname...
UBUNTU-CVE-2022-50555
In the Linux kernel, the following vulnerability has been resolved: tipc: fix a null-ptr-deref in tipctopsrvaccept syzbot found a crash in tipctopsrvaccept: KASAN: null-ptr-deref in range 0x0000000000000008-0x000000000000000f Workqueue: tipcrcv tipctopsrvaccept RIP: 0010:kernelaccept+0x22d/0x350...
UBUNTU-CVE-2023-53686
In the Linux kernel, the following vulnerability has been resolved: net/handshake: fix null-ptr-deref in handshakenldonedoit We should not call tracehandshakecmddoneerr if socket lookup has failed. Also we should call tracehandshakecmddoneerr before releasing the file, otherwise dereferencing...
UBUNTU-CVE-2022-50536
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix repeated calls to sockput when msg has moredata In tcpbpfsendverdict redirection, the eval variable is assigned to SKREDIRECT after the applybytes data is sent, if msg has moredata, sockput will be called multip...
CVE-2023-53686
CVE-2023-53686: Linux kernel vulnerability in net/handshake/netlink.c fix null-ptr-deref in handshake_nl_done_doit(); ensures trace_handshake_cmd_done_err() is not called if socket lookup fails and is invoked before releasing the file to avoid dereferencing sock->sk. Affects kernel networking ...
EUVD-2025-32731
In the Linux kernel, the following vulnerability has been resolved: net/handshake: fix null-ptr-deref in handshakenldonedoit We should not call tracehandshakecmddoneerr if socket lookup has failed. Also we should call tracehandshakecmddoneerr before releasing the file, otherwise dereferencing...
CVE-2023-53686 net/handshake: fix null-ptr-deref in handshake_nl_done_doit()
In the Linux kernel, the following vulnerability has been resolved: net/handshake: fix null-ptr-deref in handshakenldonedoit We should not call tracehandshakecmddoneerr if socket lookup has failed. Also we should call tracehandshakecmddoneerr before releasing the file, otherwise dereferencing...
CVE-2023-53686 net/handshake: fix null-ptr-deref in handshake_nl_done_doit()
In the Linux kernel, the following vulnerability has been resolved: net/handshake: fix null-ptr-deref in handshakenldonedoit We should not call tracehandshakecmddoneerr if socket lookup has failed. Also we should call tracehandshakecmddoneerr before releasing the file, otherwise dereferencing...
EUVD-2025-32773
In the Linux kernel, the following vulnerability has been resolved: tcp: fix skbcopyubufs vs BIG TCP David Ahern reported crashes in skbcopyubufs caused by TCP tx zerocopy using hugepages, and skb length bigger than 68 KB. skbcopyubufs assumed it could copy all payload using up to MAXSKBFRAGS...
CVE-2023-53667 net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
In the Linux kernel, the following vulnerability has been resolved: net: cdcncm: Deal with too low values of dwNtbOutMaxSize Currently in cdcncmchecktxmax, if dwNtbOutMaxSize is lower than the calculated "min" value, but greater than zero, the logic sets txmax to dwNtbOutMaxSize. This is then use...
EUVD-2025-32742
In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Handle skb as well when clean up ptrring The following warning was reported when running xdpredirectcpu with both skb-mode and stress-mode enabled: ------------ cut here ------------ Incorrect XDP memory type...
CVE-2023-53660 bpf, cpumap: Handle skb as well when clean up ptr_ring
In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Handle skb as well when clean up ptrring The following warning was reported when running xdpredirectcpu with both skb-mode and stress-mode enabled: ------------ cut here ------------ Incorrect XDP memory type...
CVE-2023-53660
In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Handle skb as well when clean up ptrring The following warning was reported when running xdpredirectcpu with both skb-mode and stress-mode enabled: ------------ cut here ------------ Incorrect XDP memory type...
CVE-2023-53660
The CVE-2023-53660 issue affects the Linux kernel’s BPF/CPUMAP path and skb handling in ptr_ring during XDP. Root cause: __cpu_map_ring_cleanup() did not correctly handle skb mode, causing incorrect memory type usage warnings and premature CPU map kthread stoppage; fix implemented by patches to t...
EUVD-2025-32809
In the Linux kernel, the following vulnerability has been resolved: tipc: fix a null-ptr-deref in tipctopsrvaccept syzbot found a crash in tipctopsrvaccept: KASAN: null-ptr-deref in range 0x0000000000000008-0x000000000000000f Workqueue: tipcrcv tipctopsrvaccept RIP: 0010:kernelaccept+0x22d/0x350...
CVE-2022-50536 bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix repeated calls to sockput when msg has moredata In tcpbpfsendverdict redirection, the eval variable is assigned to SKREDIRECT after the applybytes data is sent, if msg has moredata, sockput will be called multip...
CVE-2022-50536
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix repeated calls to sockput when msg has moredata In tcpbpfsendverdict redirection, the eval variable is assigned to SKREDIRECT after the applybytes data is sent, if msg has moredata, sockput will be called multip...
CVE-2023-53643 nvme-tcp: don't access released socket during error recovery
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: don't access released socket during error recovery While the error recovery work is temporarily failing reconnect attempts, running the 'nvme list' command causes a kernel NULL pointer dereference by calling getsockname...
EUVD-2025-32739
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: don't access released socket during error recovery While the error recovery work is temporarily failing reconnect attempts, running the 'nvme list' command causes a kernel NULL pointer dereference by calling getsockname...
CVE-2023-53643
CVE-2023-53643 affects the Linux kernel’s nvme-tcp path. When error recovery runs, the nvme TCP socket is released and a new one is created; if a user runs a command like nvme list, it may dereference a released socket via getsockname(), causing a kernel NULL pointer dereference. The issue is tie...