Lucene search
+L

17 matches found

redhatcve
redhatcve
added 2026/05/28 1:19 p.m.15 views

CVE-2026-46214

A flaw was found in the Linux kernel's vsock/virtio component. This vulnerability occurs when virtiotransportrecvlisten calls skacceptqadded before transport validation, leading to a permanent increment of the skackbacklog counter if transport assignment fails. A remote attacker could exploit thi...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References4
osv
osv
added 2025/12/04 3:31 p.m.6 views

CVE-2025-40231 vsock: fix lock inversion in vsock_assign_transport()

In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsockassigntransport Syzbot reported a potential lock inversion deadlock between vsockregistermutex and sklock-AFVSOCK when vsocklinger is called. The issue was introduced by commit 687aa0c5581b "vsoc...

6.3AI score0.00179EPSS
Exploits0References10
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-22680

Malicious code in bioql PyPI...

7.6AI score0.00113EPSS
Exploits0References7
redhat
redhat
added 2025/10/01 6:14 p.m.19 views

kernel: vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

4.7CVSS6.8AI score0.00113EPSS
Exploits0References5
redhat
redhat
added 2025/10/01 12:28 a.m.6 views

kernel: vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

4.7CVSS6.8AI score0.00113EPSS
Exploits0References5
redhat
redhat
added 2025/09/22 2:18 p.m.5 views

kernel: vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

4.7CVSS6.8AI score0.00113EPSS
Exploits0References5
redhat
redhat
added 2025/09/22 11:7 a.m.3 views

kernel: vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

4.7CVSS6.8AI score0.00113EPSS
Exploits0References5
redhat
redhat
added 2025/09/02 7:19 a.m.6 views

kernel: vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

4.7CVSS6.8AI score0.00113EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/07/27 3:35 p.m.4 views

CVE-2025-38461

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

7.3CVSS6.2AI score0.00113EPSS
Exploits0References4
nvd
nvd
added 2025/07/25 4:15 p.m.4 views

CVE-2025-38461

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

4.7CVSS0.00113EPSS
Exploits0References9
cvelist
cvelist
added 2025/07/25 3:27 p.m.9 views

CVE-2025-38461 vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

0.00113EPSS
Exploits0References7
cnnvd
cnnvd
added 2025/07/25 12:0 a.m.3 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a transport assignment contention condition that could lead to the use of obsolete pointers...

4.7CVSS6.9AI score0.00113EPSS
Exploits0References8
redhatcve
redhatcve
added 2025/03/14 3:59 a.m.8 views

CVE-2025-21854

In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected sockmap expects all vsocks to have a transport assigned, which is expressed in vsockproto::psockupdateskprot. However, there is an edge case where an unconnected...

5.5CVSS6.7AI score0.00192EPSS
Exploits0References4
nvd
nvd
added 2025/03/12 10:15 a.m.12 views

CVE-2025-21854

In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected sockmap expects all vsocks to have a transport assigned, which is expressed in vsockproto::psockupdateskprot. However, there is an edge case where an unconnected...

5.5CVSS0.00192EPSS
Exploits0References4
cve
cve
added 2025/03/12 9:42 a.m.131 views

CVE-2025-21854

The CVE-2025-21854 issue affects the Linux kernel sockmap/vsock path. It occurs when a connectible (unconnected) vsock may lose its prior transport, potentially causing a NULL dereference in the BPF recv path and a crash when a listening vsock is present in a sockmap. The root cause is that sockm...

5.5CVSS6.5AI score0.00192EPSS
Exploits0References4Affected Software1
osv
osv
added 2025/03/12 9:42 a.m.13 views

CVE-2025-21854 sockmap, vsock: For connectible sockets allow only connected

In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected sockmap expects all vsocks to have a transport assigned, which is expressed in vsockproto::psockupdateskprot. However, there is an edge case where an unconnected...

5.5CVSS6.1AI score0.00192EPSS
Exploits0References7
debiancve
debiancve
added 2025/01/31 11:25 a.m.11 views

CVE-2025-21670

In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be called if the transport has been assigned. As Michal reported, a socket might have the transport at NULL, for example after a failed...

5.5CVSS5.7AI score0.00199EPSS
Exploits0
Rows per page
Query Builder