CVE-2025-40149 tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags

In the Linux kernel, the following vulnerability has been resolved: skbuff: skbsegment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 "skbuff: in skbsegment, call zerocopy functions once per nskb" added the call to zero copy functions in skbsegment. The change introduced ...

EUVD-2025-124243

Malicious code in npm-event-socketio-pavo npm...

Linux Distros Unpatched Vulnerability : CVE-2025-40175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one o...

Linux Distros Unpatched Vulnerability : CVE-2025-40139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smc: Use skdstget and dstdevrcu in in smcclcprfxset. smcclcprfxset is called during connect and not under RCU nor RTNL. Using skdstgetsk-dev could trigger UAF...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from idpf's failure to clean up the remaining SKBs in a PTP stream, which could lead to a memory leak...

EulerOS 2.0 SP12 : cloud-init (EulerOS-SA-2025-2317)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,cloud-init defau...

EulerOS 2.0 SP12 : cloud-init (EulerOS-SA-2025-2348)

According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,cloud-init defau...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from failure to clear the conn-sk pointer, which could lead to reuse after release...

kernel: net: af_can: do not leave a dangling sk pointer in can_create()

In the Linux kernel, the following vulnerability has been resolved: net: afcan: do not leave a dangling sk pointer in cancreate On error cancreate frees the allocated sk object, but sockinitdata has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock...

kernel: Linux kernel: Denial of Service in xsk_diag due to use-after-free during socket cleanup

A flaw was found in the Linux kernel's xskdiag interface. This vulnerability, a use-after-free error, occurs when the xskdiag interface is used after a socket has been unbound from its device, such as during socket closure or device removal. A local attacker could exploit this flaw to cause a...

kernel: smc: Fix use-after-free in tcp_write_timer_handler()

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcpwritetimerhandler. With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcpwritetimerhandler by kernel TCP sockets. 0 If SMC creates a kernel socket in smccreate, the kernel...

kernel: ibmvnic: Don't reference skb after sending to VIOS

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Don't reference skb after sending to VIOS Previously, after successfully flushing the xmit buffer to VIOS, the txbytes stat was incremented by the length of the skb. It is invalid to access the skb memory after sending t...

kernel: virtio/vsock: Fix accept_queue memory leak

In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix acceptqueue memory leak As the final stages of socket destruction may be delayed, it is possible that virtiotransportrecvlisten will be called after the acceptqueue has been flushed, but before the SOCKDONE flag...

kernel: tcp: drop secpath at the same time as we currently drop dst

In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6tunnelnetexit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the...

kernel: rxrpc: Fix a race between socket set up and I/O thread creation

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix a race between socket set up and I/O thread creation In rxrpcopensocket, it sets up the socket and then sets up the I/O thread that will handle it. This is a problem, however, as there's a gap between the two phases in...

kernel: af_packet: fix vlan_get_tci() vs MSG_PEEK

In the Linux kernel, the following vulnerability has been resolved: afpacket: fix vlangettci vs MSGPEEK Blamed commit forgot MSGPEEK case, allowing a crash 1 as found by syzbot. Rework vlangettci to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier...

kernel: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK

In the Linux kernel, the following vulnerability has been resolved: afpacket: fix vlangetprotocoldgram vs MSGPEEK Blamed commit forgot MSGPEEK case, allowing a crash 1 as found by syzbot. Rework vlangetprotocoldgram to not touch skb at all, so that it can be used from many cpus on the same skb. A...

PT-2025-49020

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel’s AF UNIX garbage collection mechanism could incorrectly collect a receive queue of an active socket. This occurs due to a failure to initialize the scc index in the uni...

KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes

Summary Short summary of the problem. Make the impact and severity as clear as possible. It is possible to trick the virt-handler component into changing the ownership of arbitrary files on the host node to the unprivileged user with UID 107 due to mishandling of symlinks when determining the roo...