58 matches found

Prion
added 2017/03/28 6:59 a.m., 21 views

Out-of-bounds

The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to...

CVSS 6.6, AI score 6.5, EPSS 0.00085
Exploits 0, References 8, Affected Software 1
Cvelist
added 2016/10/10 10:0 a.m., 28 views

CVE-2016-7117

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing...

AI score 9.4, EPSS 0.14755
Exploits 0, References 21
Debian CVE
added 2016/10/10 10:0 a.m., 56 views

CVE-2016-7117

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing...

CVSS 10, AI score 7.4, EPSS 0.14755
Exploits 0
CVE
added 2016/10/10 10:0 a.m., 390 views

CVE-2016-7117

CVE-2016-7117 describes a use-after-free in the Linux kernel’s __sys_recvmmsg() within net/socket.c, affecting kernel versions prior to 4.5.2. An attacker could trigger the corruption via a mishandled recvmmsg system call during error processing, enabling remote execution of arbitrary code. The v...

CVSS 10, AI score 9.3, EPSS 0.14755
Exploits 0, References 21, Affected Software 1
UbuntuCve
added 2016/10/10 12:0 a.m., 29 views

CVE-2016-7117

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing...

CVSS 10, AI score 6.9, EPSS 0.14755
Exploits 0, References 6
NVD
added 2016/06/13 2:59 p.m., 17 views

CVE-2016-5104

The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket...

CVSS 5.3, AI score 5, EPSS 0.01754
Exploits 0, References 11
Mageia
added 2016/01/12 9:13 a.m., 14 views

Updated openvpn packages fix security vulnerability

OpenVPN versions before 2.3.9 contain an out of bounds read error in resolve_remote in the file socket.c. With both IPv4 and IPv6 connections, OpenVPN will read a struct sockaddr_in6, but in the IPv4 case the data structure is smaller than in the IPv6 case. The openvpn package has been updated to...

AI score 3
Exploits 0, References 3
CVE
added 2015/08/31 10:0 a.m., 131 views

CVE-2015-3212

CVE-2015-3212: Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of socket-related system calls (notably setsockopt). Affected component is the SCTP implementation in the kernel; impa...

CVSS 4.9, AI score 5.6, EPSS 0.00077
Exploits 0, References 20, Affected Software 1
Tenable Nessus
added 2013/07/18 12:0 a.m., 60 views

SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 7991 / 7992 / 7994)

The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to 3.0.82 and to fix various bugs and security issues. The following security issues have been fixed : - The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to cause a denial of service NUL...

CVSS 6.9, AI score 6.6, EPSS 0.00267
Exploits 6, References 95
Prion
added 2013/04/22 11:41 a.m., 14 views

Design/Logic Flaw

net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

CVSS 4.9, AI score 5.9, EPSS 0.00099
Exploits 0, References 9, Affected Software 1
UbuntuCve
added 2013/04/22 12:0 a.m., 33 views

CVE-2013-3235

net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

CVSS 4.9, AI score 6.8, EPSS 0.00099
Exploits 0, References 15
UbuntuCve
added 2013/03/22 11:59 a.m., 25 views

CVE-2013-1828

The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call...

CVSS 6.9, AI score 5.9, EPSS 0.00245
Exploits 2, References 4
Debian CVE
added 2013/03/22 10:0 a.m., 26 views

CVE-2013-1828

The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call...

CVSS 6.9, AI score 6, EPSS 0.00245
Exploits 2
Prion
added 2012/10/10 9:55 p.m., 20 views

Code injection

The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call...

CVSS 6.6, AI score 6.7, EPSS 0.00049
Exploits 1, References 5, Affected Software 1
Cvelist
added 2012/07/25 9:0 p.m., 25 views

CVE-2012-2152

Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet...

AI score 9.7, EPSS 0.02786
Exploits 0, References 5
Prion
added 2009/08/07 7:0 p.m., 28 views

Design/Logic Flaw

socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...

CVSS 6.4, AI score 8.9, EPSS 0.01855
Exploits 5, References 17, Affected Software 1
Tenable Nessus
added 2009/07/21 12:0 a.m., 57 views

openSUSE Security Update : kernel (kernel-270)

This patch updates the openSUSE 11.0 kernel to the 2.6.25.18 stable release. It also includes bugfixes and security fixes : CVE-2008-4410: The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where...

CVSS 7.8, AI score 6.1, EPSS 0.0588
Exploits 14, References 19
seebug.org
added 2008/09/14 12:0 a.m., 40 views

Vulnerabilities in the Linux Kernel 'SCTP' module

BUGTRAQ ID: 31121 CVE ID: CVE-2008-3792 CNCVE ID: CNCVE-20083792 Linux is an open-source operating system. The Linux kernel 'SCTP' module has multiple security issues that a local attacker can exploit to obtain sensitive information or crash the kernel. The problematic code is as follows: file: net/sctp/socket.c ... SCTP_STATIC int sctp_getsockopt(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { int retval = 0; int len;...

CVSS 7.1, AI score 0.1, EPSS 0.03903
Exploits 2