Lucene search
K

282 matches found

RedHat Linux
RedHat Linux
added 2026/06/16 7:17 p.m.40 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS5.9AI score0.004EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/16 6:39 p.m.7 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS5.9AI score0.004EPSS
Exploits0References5
OSV
OSV
added 2026/06/05 3:50 p.m.12 views

OESA-2026-2581 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption Protect the parser TCAM/SRAM memory, and the cached shadow SRAM information, from concurrent modifications. Bot...

9.8CVSS6AI score0.00554EPSS
Exploits7References102
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: Use skdstget and dstdevrcu in mptcpactiveenable. mptcpactiveenable is called from subflowfinishconnect, which is icsk-icskafops-skrxdstset. It isn’t always under a RCU context. Using skdstgetsk.dev could trigger a...

6.3AI score0.00176EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: The “kern” flag was removed from fallback sockets. The mptcp ULP extension relies on ensuring that sk-sksockkern is set correctly. This prevents the call to setsockoptfd, IPPROTOTCP, TCPULP, "mptcp", 6 from working for pla...

5.5CVSS5.9AI score0.00246EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mptcp: Race condition in the creation of subflows in mptcprcvspaceadjust. Additional active subflows—i.e., those created by the kernel’s internal processes—are included in the subflow list before the 3whs process starts. If a rac...

5.5CVSS6.2AI score0.00199EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mptcp: fixed a NULL pointer in canacceptnewsubflow. When testing the valkey benchmark tool with MPTCP, the kernel panics in mptcpcanacceptnewsubflow because subflowreq-msk is NULL. Call trace: mptcpcanacceptnewsubflow...

5.5CVSS6.1AI score0.00176EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: Race conditions between subflow failures and additional subflow creations. We have race conditions similar to those addressed by the previous patch, between subflow failures and additional subflow creations. However, these...

7.8CVSS6.3AI score0.00146EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: never allow the PM to close a listener subflow Currently, when deleting an endpoint, the netlink PM traverses all local MPTCP sockets, regardless of their status. If an MPTCP listener socket is bound to the IP correspondin...

5.5CVSS5.8AI score0.00208EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mptcp: Handle DDS corruption consistently. The buggy peer implementation may send corrupted DSS options, consistently causing several warnings in the data path. Use DEBUGNET assertions to avoid errors on some builds and to handle...

5.5CVSS6.2AI score0.00222EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: Prevent BPF from accessing lowat from a subflow socket. Alexei reported the following error: WARNING: CPU: 32, PID: 3276; in net/mptcp/subflow.c:1430; function subflowdataready+0x147/0x1c0. Linked modules: dummy,...

7.8CVSS5.8AI score0.0022EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: fixed the issue of re-injecting stale data from stale subflows. When the MPTCP Process Manager detects that a subflow is stale, the packet scheduler must re-inject all the unacknowledged data at the mptcp level. To avoid...

5.5CVSS6AI score0.00263EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure context reset on disconnect After the committed code below, if the MPC subflow is already in the TCPCLOSE status or has fallen back to TCP at the mptcpdisconnect time, mptcpdofastclose skips setting the sendfastclos...

5.5CVSS5.8AI score0.00116EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/24 10:40 p.m.6 views

CVE-2026-31669

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6AI score0.004EPSS
Exploits0References4
NVD
NVD
added 2026/04/24 3:16 p.m.18 views

CVE-2026-31669

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...

9.8CVSS0.004EPSS
Exploits0References7
OSV
OSV
added 2026/04/24 3:16 p.m.6 views

DEBIAN-CVE-2026-31669

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...

9.8CVSS5.4AI score0.004EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 2:45 p.m.4 views

EUVD-2026-25562

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...

5.5AI score0.004EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/04/24 2:45 p.m.4 views

CVE-2026-31669

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in inetlookupestablished The ehash table lookups are lockless and rely on SLABTYPESAFEBYRCU to guarantee socket memory stability during RCU read-side critical sections. Both tcpprot and tcpv6prot ha...

9.8CVSS5.4AI score0.004EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.8 views

PT-2026-35021

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-use-after-free issue exists in the inet lookup established function. The problem occurs because MPTCP v6 subflow child sockets are allocated via kmalloc instead of the TCPv6 slab...

9.8CVSS5.1AI score0.004EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010947)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010947 advisory. In the Linux kernel, the following vulnerability has been resolved: mptcp: use proper req destructor for IPv6 Before, only the destructor from TCP request sock in IP...

5.6AI score0.00209EPSS
Exploits0References4
Rows per page
Query Builder