12434 matches found
DEBIAN-CVE-2025-39703
In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...
CVE-2025-39695
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Flush delayed SKBs while releasing RXE resources When skb packets are sent out, these skb packets still depends on the rxe resources, for example, QP, sk, when these packets are destroyed. If these rxe resources are...
DEBIAN-CVE-2025-39695
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Flush delayed SKBs while releasing RXE resources When skb packets are sent out, these skb packets still depends on the rxe resources, for example, QP, sk, when these packets are destroyed. If these rxe resources are...
UBUNTU-CVE-2025-39718
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skbput When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtiovsockskbrxput. Unfortunately, virtiovsockskbrxput uses the length...
UBUNTU-CVE-2025-38732
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfreject: don't leak dst refcount for loopback packets recent patches to add a WARN when replacing skb dst entry found an old bug: WARNING: include/linux/skbuff.h:1165 skbdstcheckunset include/linux/skbuff.h:1164 inlin...
UBUNTU-CVE-2025-39703
In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...
CVE-2025-39718
CVE-2025-39718 affects the Linux kernel vulnerability in vsock/virtio packet handling. The issue arises when receiving a VSock packet in a guest: only the virtqueue buffer size was previously validated before virtio_vsock_skb_rx_put(), but the function uses the packet header length as the skb_put...
CVE-2025-39718 vsock/virtio: Validate length in packet header before skb_put()
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skbput When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtiovsockskbrxput. Unfortunately, virtiovsockskbrxput uses the length...
CVE-2025-39703 net, hsr: reject HSR frame if skb can't hold tag
In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...
CVE-2025-39695
CVE-2025-39695 affects the Linux kernel RDMA/rxe path. The issue arises when skb packets that depend on RXE resources (e.g., QP, sk) are destroyed while RXE resources are being released, causing call traces. The patch adds a timestamp when skb packets are created to avoid skb packets hanging in s...
CVE-2025-39695 RDMA/rxe: Flush delayed SKBs while releasing RXE resources
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Flush delayed SKBs while releasing RXE resources When skb packets are sent out, these skb packets still depends on the rxe resources, for example, QP, sk, when these packets are destroyed. If these rxe resources are...
CVE-2025-39695 RDMA/rxe: Flush delayed SKBs while releasing RXE resources
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Flush delayed SKBs while releasing RXE resources When skb packets are sent out, these skb packets still depends on the rxe resources, for example, QP, sk, when these packets are destroyed. If these rxe resources are...
CVE-2025-39678 platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/hsmp: Ensure sock-metrictbladdr is non-NULL If metric table address is not allocated, accessing metricsbin will result in a NULL pointer dereference, so add a check...
OESA-2025-2121 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: gtp: Destroy device along with udp socket's netns dismantle. gtpnewlink links the device to a list in devnetdev instead of srcnet, where a udp tunnel socket is...
OESA-2025-2120 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: gtp: Destroy device along with udp socket's netns dismantle. gtpnewlink links the device to a list in devnetdev instead of srcnet, where a udp tunnel socket is...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the RDMA/rxe module failing to refresh the delayed SKB when releasing RXE resources...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the net/hsr module not rejecting HSR frames when the skb cannot hold the tag...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unverified packet header length that could lead to an SKB overflow...
CVE-2025-38717
In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcmunattach syzbot found a race condition when kcmunattachpsock and kcmreleasekcm are executed at the same time. kcmunattach is missing a check of the flag kcm-txstopped before calling queuework. I...
CVE-2025-38718 sctp: linearize cloned gso packets in sctp_rcv
In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctprcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uninitialized-memory bugs...