10 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Bonding: Fix for missing rcu protection. When removing the rcureadlock from bondethtoolgettsinfo, I didn’t realize that it could also be called via setsockopt, which does not hold a rcu lock. As pointed out by syzbot: Stack trace...
UBUNTU-CVE-2026-31396
In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on every closing. However it may be accessed via gettsinfo ethtool call which is possible while the interfa...
CVE-2026-31396
In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on every closing. However it may be accessed via gettsinfo ethtool call which is possible while the interfa...
CVE-2026-31396
Summary: CVE-2026-31396 affects the Linux kernel’s net/macb and PTP clock subsystem. The root cause is a use-after-free in ptp_clock_index() when the PTP clock is accessed via get_ts_info while the interface’s PTP clock object has been deregistered. This allows a local attacker to trigger a crash...
PT-2026-30179
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.164+ Description The Linux kernel contained a use-after-free issue in the networking subsystem related to the macb driver and the PTP Precision Time Protocol clock. Specifically, the PTP clock could be access...
CVE-2026-23005
creationtimestamp| type| source ---|---|--- 2026-01-25 15:24:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdazxnrrt32t 2026-06-01 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities20260602...
SUSE CVE-2022-49456
In the Linux kernel, the following vulnerability has been resolved: bonding: fix missed rcu protection When removing the rcureadlock in bondethtoolgettsinfo as discussed 1, I didn't notice it could be called via setsockopt, which doesn't hold rcu lock, as syzbot pointed: stack backtrace: CPU: 0...
GHSA-3MVX-QW4R-FCQF
creationtimestamp| type| source ---|---|--- 2025-02-12 17:52:24+00:00| seen| https://infosec.exchange/users/cve/statuses/113992187494675681...
CVE-2024-56516
creationtimestamp| type| source ---|---|--- 2024-12-30 16:31:57+00:00| seen| https://infosec.exchange/users/cve/statuses/113742729529291973 2024-12-30 19:18:32+00:00| seen| https://t.me/cvedetector/13939...
CVE-2024-10547
creationtimestamp| type| source ---|---|--- 2024-11-09 07:36:16+00:00| seen| https://infosec.exchange/users/cve/statuses/113451845298617004 2024-11-09 09:56:30+00:00| seen| https://t.me/cvedetector/10284...