37 matches found
CVE-2026-53269
The CVE affects the Linux kernel netfilter synproxy subsystem. The issue arises when netfilter hooks are registered on-demand for the first iptables target or nftables expression and multiple threads concurrently attempt registration, risking a race in refcount management. The published fix intro...
EUVD-2026-39220
In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: add mutex to guard hook reference counting As the synproxy infrastructure registers netfilter hooks on-demand when a user adds the first iptables target or nftables expression, if done concurrently they can ra...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fixed an out-of-bounds condition during the parsing of TCP options. The TCP option parser in synproxy (synproxy_parse_options) could read one byte out of bounds. When the length is 1, the execution flow enters a...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referring to a synproxy stateful object from the OUTPUT hook causes the kernel to crash due to infinite recursive calls: BUG: The TASK stack guard page was accessed ...
SUSE CVE-2025-40206
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...
EUVD-2025-150368
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...
Linux Distros Unpatched Vulnerability : CVE-2025-40206
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite...
CVE-2025-40206
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...
AZL-70100 CVE-2025-40206 affecting package kernel for versions less than 6.6.117.1-1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...
DEBIAN-CVE-2025-40206
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...
UBUNTU-CVE-2025-40206
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...
CVE-2025-40206 netfilter: nft_objref: validate objref and objrefmap expressions
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...
CVE-2025-40206
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...
CVE-2025-40206
CVE-2025-40206 affects the Linux kernel netfilter nft_objref: validate objref and objrefmap expressions, where referencing a synproxy stateful object from OUTPUT could trigger a crash due to recursive calls. The connected advisories for SUSE/openSUSE/Amazon Linux list this CVE among fixed kernel ...
CVE-2025-40206 netfilter: nft_objref: validate objref and objrefmap expressions
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988991)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988991 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy...
PT-2025-46763
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the netfilter module related to the validation of objref and objrefmap expressions. Specifically, referencing a synproxy stateful object from the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987082)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987082 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy...
The vulnerability of the `synproxy_parse_options()` function in the `net/netfilter/nf_synproxy_core.c` module of the `netfilter` component of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the `synproxy_parse_options()` function in the `net/netfilter/nf_synproxy_core.c` module of the `netfilter` component of the Linux operating system is related to reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2021-47245
A vulnerability was found in the Linux kernel's netfilter system, in the synproxy TCP option parser. This issue allows the parser to read one byte beyond its intended limit when processing TCP options, which could lead to unexpected behavior or crash. Mitigation: Red Hat has investigated whether a...