Lucene search
K

17 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: vsock: Fixed the transport TOCTOU issue. The transport assignment may race with module unloading. This issue is addressed by protecting newtransport from becoming a stale pointer. This also includes fixing an insecure call in...

4.7CVSS6.4AI score0.00113EPSS
Exploits0References2
OSV
OSV
added 2026/02/09 12:0 a.m.9 views

ALSA-2026:2282 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation CVE-2025-38415 kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it...

7.8CVSS5.8AI score0.00181EPSS
Exploits0References18
RedHat Linux
RedHat Linux
added 2025/12/04 12:50 p.m.3 views

kernel: vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

4.7CVSS5.7AI score0.00113EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2025/10/10 5:50 a.m.14 views

kernel security update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

7.8CVSS7.8AI score0.0018EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/08 12:0 a.m.14 views

RockyLinux 10 : kernel (RLSA-2025:15005)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:15005 advisory. kernel: udp: Fix memory accounting leak. CVE-2025-22058 kernel: netsched: hfsc: Fix a potential UAF in hfscdequeue too CVE-2025-37823 kernel: ext4: onl...

7.8CVSS7.2AI score0.00188EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-7594

Malicious code in bioql PyPI...

5.5CVSS7.3AI score0.00192EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/10/01 7:19 p.m.15 views

kernel: vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

4.7CVSS6.8AI score0.00113EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/10/01 12:28 a.m.6 views

kernel: vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

4.7CVSS6.8AI score0.00113EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/09/25 12:0 a.m.3 views

RHEL 9 : kernel (RHSA-2025:16669)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:16669 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nfsd: cancel nfsdshrinkerwork...

7.8CVSS7.3AI score0.00233EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-21854

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected sockmap expects all vsocks to...

5.5CVSS6.1AI score0.00192EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/27 3:35 p.m.4 views

CVE-2025-38461

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

7.3CVSS6.2AI score0.00113EPSS
Exploits0References4
CVE
CVE
added 2025/07/25 3:27 p.m.94 views

CVE-2025-38461

CVE-2025-38461 : In the Linux kernel, a TOCTOU race was introduced around vsock transport assignment where a new_transport could become a stale pointer if a module is unloaded concurrently. The fix protects the transport from racing with module unload by adding synchronization around new_transpor...

4.7CVSS6.3AI score0.00113EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2025/07/25 3:27 p.m.4 views

CVE-2025-38461

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

4.7CVSS5.3AI score0.00113EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/01/31 7:32 p.m.12 views

CVE-2025-21670

In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be called if the transport has been assigned. As Michal reported, a socket might have the transport at NULL, for example after a failed...

5.5CVSS6.1AI score0.00199EPSS
Exploits0References4
CVE
CVE
added 2025/01/31 11:25 a.m.146 views

CVE-2025-21670

CVE-2025-21670 affects the Linux kernel’s vsock/bpf path. The issue occurs when vsock_transport is not assigned (NULL) during vsock_bpf_recvmsg for connected sockets (stream/seqpacket), leading to a NULL pointer dereference in vsock_connectible_has_data and an in-kernel oops trace. The vulnerabil...

5.5CVSS6.8AI score0.00199EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/01/31 11:25 a.m.12 views

CVE-2025-21669 vsock/virtio: discard packets if the transport changes

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: discard packets if the transport changes If the socket has been de-assigned or assigned to another transport, we must discard any packets received because they are not expected and would cause issues when we access...

5.5CVSS6.2AI score0.00214EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.4 views

PT-2025-30875

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a time-of-check-to-time-of-use TOCTOU vulnerability in the vsock transport mechanism. A race condition can occur between transport assignment and module...

6.4CVSS6.7AI score0.00113EPSS
Exploits0
Rows per page
Query Builder