Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: UDP: Fixed memory accounting leak. Matt Dowling reported a strange UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasionally spikes to...

Azure Linux 3.0 Security Update: kernel (CVE-2025-22058)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22058 advisory. - In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt...

CVE-2023-54004

In the Linux kernel, the following vulnerability has been resolved: udplite: Fix NULL pointer dereference in skmemraiseallocated. syzbot reported 0 a null-ptr-deref in skgetrmem0 while using IPPROTOUDPLITE 0x88: 14:25:52 executing program 1: r0 = socket$inet60xa, 0x80002, 0x88 We had a similar...

RHEL 8 : kernel (RHSA-2025:22752)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22752 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ALSA: usb-audio: ALSA USB Aud...

CVE-2023-53489

CVE-2023-53489 affects the Linux kernel memory handling for UDP sockets with TX timestamps and zerocopy skbs. The issue is a memory leak: clones of skbs and their ubuf references can keep a socket refcnt and skb references in the error/clock path, causing leaked sk, sock and skb when close() is c...

kernel: udp: Fix memory accounting leak.

A memory overflow vulnerability exists within the Linux kernel's networking subsystem. Specifically, an application can set the SORCVBUF socket option to its maximum value INTMAX, which triggers an integer overflow within the udprmemrelease function during socket closure. The udpdestructcommon...

RHEL 8 : kernel (RHSA-2025:17124)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:17124 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipv6: mcast: extend RCU...

CLSA-2025-1757699471 kernel: Fix of 13 CVEs

mm/hugetlb: unshare page tables during VMA split, not before CVE-2025-38084 - hugetlb: unshare some PMDs when splitting VMAs CVE-2025-38084 - posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel CVE-2025-38352 - tipc: Fix use-after-free in tipcconnclose. CVE-2025-38464 -...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

kernel: udp: Fix memory accounting leak.

A memory overflow vulnerability exists within the Linux kernel's networking subsystem. Specifically, an application can set the SORCVBUF socket option to its maximum value INTMAX, which triggers an integer overflow within the udprmemrelease function during socket closure. The udpdestructcommon...

RHEL 9 : kernel (RHSA-2025:15670)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15670 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ext4: use-after-free in...

Important: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 9 : kernel-rt (RHSA-2025:15658)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15658 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2025-2072)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : ext4: update sjournalinum if it changes after journal replayCVE-2023-53091 arp: use RCU protection in arpxmit.CVE-2025-21762 iouring: prevent opco...

RHEL 8 : kernel (RHSA-2025:15656)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15656 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ext4: use-after-free in...

Oracle Linux 10 : kernel (ELSA-2025-15005)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-15005 advisory. - tipc: Fix use-after-free in tipcconnclose. - CVE-2025-38464 - netsched: hfsc: Fix a potential UAF in hfscdequeue too - CVE-2025-37823 - RDMA/iwcm:...

Oracle Linux 9 : kernel (ELSA-2025-14420)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14420 advisory. - ice: fix eswitch code memory leak in reset scenario CKI Backport Bot RHEL-108152 CVE-2025-38417 - udp: Fix memory accounting leak. Xin Long...

Oracle Linux 8 : kernel (ELSA-2025-14438)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14438 advisory. - udp: Fix memory accounting leak. Xin Long RHEL-104084 CVE-2025-22058 - i40e: fix MMIO write access to an invalid page in i40eclearhw Dennis Chen...

kernel: udp: Fix memory accounting leak.

A memory overflow vulnerability exists within the Linux kernel's networking subsystem. Specifically, an application can set the SORCVBUF socket option to its maximum value INTMAX, which triggers an integer overflow within the udprmemrelease function during socket closure. The udpdestructcommon...

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: udp: Fix memory accounting leak. CVE-2025-22058 kernel: netsched: ets: Fix double list add in class with netem as child qdisc CVE-2025-37914 kernel: ice: fix eswitch code memory leak in...