ROS-20250905-03

A vulnerability in the socket.c component of the GNU Screen window manager is related to incorrect assignment of permissions for a critical resource. permissions for a critical resource. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service...

CVE-2024-46783

In the Linux kernel, the following vulnerability has been resolved: tcpbpf: fix return value of tcpbpfsendmsg When we cork messages in psock-cork, the last message triggers the flushing will result in sending a skmsg larger than the current message size. In this case, in tcpbpfsendverdict, 'copie...

CVE-2024-36927

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in ipmakeskb KMSAN reported uninit-value access in ipmakeskb 1. ipmakeskb tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt2 with...

CVE-2021-47418 net_sched: fix NULL deref in fifo_set_limit()

In the Linux kernel, the following vulnerability has been resolved: netsched: fix NULL deref in fifosetlimit syzbot reported another NULL deref in fifosetlimit 1 I could repro the issue with : unshare -n tc qd add dev lo root handle 1:0 tbf limit 200000 burst 70000 rate 100Mbit tc qd replace dev ...

CVE-2024-25767

nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c...

CVE-2024-25767

nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c...

CVE-2024-25767

nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c...

NanoMQ Security Vulnerabilities

NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms open-sourced by EMQ Technologies. A security vulnerability exists in NanoMQ version 0.21.2, which stems from a post-release reuse vulnerability in the /nanomq/nng/src/core/socket.c file...

CVE-2024-0639

A denial of service vulnerability due to a deadlock was found in sctpautoasconfinit in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system...

EulerOS 2.0 SP11 : screen (EulerOS-SA-2023-2667)

According to the versions of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users...

Double free

The Linux kernel iouring IORINGOPSOCKET operation contained a double free in function syssocketfile in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067...

CVE-2023-1032

The Linux kernel iouring IORINGOPSOCKET operation contained a double free in function syssocketfile in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067...

EulerOS 2.0 SP9 : screen (EulerOS-SA-2023-2322)

According to the versions of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users...

Ubuntu 16.04 ESM / 18.04 ESM : GNU Screen vulnerability (USN-6198-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-6198-1 advisory. It was discovered that GNU Screen was not properly checking user identifiers before sending certain signals to target processes. If GNU Screen was...

PT-2023-17943 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds read in the handle set parameters ctrl function of hal socket.c due to an incorrect bounds check. This could lead to local information disclosure, requiring System...

Amazon Linux 2023 : screen (ALAS2023-2023-224)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-224 advisory. socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users to send a privileged SIGHUP signal to any PID, causing a...

CVE-2016-7117 - Use-after-free vulnerability in the Linux kernel

Use-after-free vulnerability in the sysrecvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing...

socket.c in GNU Screen through 4.9.0 when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD) allows local users to send a privileged SIGHUP signal to any PID causing a denial of service or disruption of the target process.

...

CVE-2023-24626

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process...

Design/Logic Flaw

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid the default on platforms such as Arch Linux and FreeBSD, allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process...