9 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-20419

Malicious code in bioql PyPI...

7.8 AI score, 0.00031 EPSS
Exploits 0, References 8

NVD
added 2025/07/08 8:15 a.m., 7 views

CVE-2025-38236

In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unix_stream_read_generic(). The following sequences reproduce the issue: $ python3 from socket import * s1, s2 = socketpair(AF_UNIX, SOCK_STREAM)...

7.8 CVSS, 0.00031 EPSS
Exploits 0, References 9

OSV
added 2025/07/08 7:35 a.m., 4 views

CVE-2025-38236 af_unix: Don't leave consecutive consumed OOB skbs.

In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unix_stream_read_generic(). The following sequences reproduce the issue: $ python3 from socket import * s1, s2 = socketpair(AF_UNIX, SOCK_STREAM)...

7.8 CVSS, 6.6 AI score, 0.00031 EPSS
Exploits 0, References 11

CVE
added 2024/05/09 4:37 p.m., 99 views

CVE-2023-52654

CVE-2023-52654 affects the Linux kernel io_uring implementation in the af_unix path. The issue stems from potential cycles when sending io_uring file objects over sockets via SCM_RIGHTS, which could interact with unix_stream_read_generic() and file reference cycles. The mitigation described is to ...

4.7 CVSS, 6.8 AI score, 0.00106 EPSS
Exploits 0, References 6, Affected Software 1

OSV
added 2024/05/09 4:37 p.m., 17 views

CVE-2023-52654 io_uring/af_unix: disable sending io_uring over sockets

In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets. File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would b...

4.7 CVSS, 6.1 AI score, 0.00106 EPSS
Exploits 0, References 9

Tenable Nessus
added 2024/03/30 12:0 a.m., 39 views

SUSE SLES15 Security Update : kernel (Live Patch 20 for SLE 15 SP4) (SUSE-SU-2024:1072-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1072-1 advisory. - bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition...

7 CVSS, 6.6 AI score, 0.00126 EPSS
Exploits 0, References 7

Vulnrichment
added 2024/01/21 10:1 a.m., 18 views

CVE-2023-6531 Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on...

7 CVSS, 7.1 AI score, 0.00013 EPSS
Exploits 0, References 4

CVE
added 2024/01/21 10:1 a.m., 257 views

CVE-2023-6531

CVE-2023-6531 is a Linux kernel use-after-free race in the unix garbage collector where deletion of SKB races with unix_stream_read_generic() on the socket the SKB is queued on. The issue enables local privilege escalation as described in multiple advisories. Public documents consistently identif...

7 CVSS, 6.5 AI score, 0.00013 EPSS
Exploits 0, References 6, Affected Software 1

Cvelist
added 2024/01/21 10:1 a.m., 24 views

CVE-2023-6531 Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on...

7 CVSS, 7.2 AI score, 0.00013 EPSS
Exploits 0, References 4