9 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-43474
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs: init flagsvalid before calling vfsfileattrget syzbot reported a uninit-value bug in 1. Similar to the get context where the kernel's internal filekattr...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986410)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986410 advisory. In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve6xmitskb syzbot is able to trigger an uninit-value in...
CVE-2024-44999 gtp: pull network headers in gtp_dev_xmit()
In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtpdevxmit syzbot/KMSAN reported use of uninit-value in getdevxmit 1 We must make sure the IPv4 or Ipv6 header is pulled in skb-head before accessing fields in them. Use pskbinetmaypull to fix this...
CVE-2024-44983
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of the VLAN header, validate it once before the flowtable lookup. ===================================================== BUG:...
CVE-2024-26882
CVE-2024-26882 relates to the Linux kernel vulnerability in the IPv4 IP tunnel receive path. The issue stems from not preserving the original skb->network_header when pulling inner headers during decapsulation in ip_tunnel_rcv(), which could interact with skb_head handling and header recomputa...
CVE-2024-26635
In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETHPTR8022. syzbot reported an uninit-value bug below. 0 llc supports ETHP8022 0x0004 and used to support ETHPTR8022 0x0011, and syzbot abused the latter to trigger the bug. write$tunr0,...
CVE-2024-26641
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...
CVE-2024-26635 llc: Drop support for ETH_P_TR_802_2.
In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETHPTR8022. syzbot reported an uninit-value bug below. 0 llc supports ETHP8022 0x0004 and used to support ETHPTR8022 0x0011, and syzbot abused the latter to trigger the bug. write$tunr0,...
CVE-2024-26635
CVE-2024-26635 affects the Linux kernel LLŠ” path. The issue arises from legacy support for ETH_P_TR_802_2 in 802.2 LLC handling, where llc_conn_handler/llc_pdu_decode paths initialized saddr/daddr.mac only for ETH_P_802_2, causing reads of garbage in other protocols (e.g., ETH_P_TR_802_2). The bu...