Page 4 of 7641 results (0.008 seconds)

CVSS: -EPSS: %CPEs: 7EXPL: 0

03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects them from skb_segment_list to more robust skb_segment. But some packets with modified geometry can also hit bugs in that code. We don't know how many such cases exist. Addressing each one by one also requires touching the complex skb_seg... • https://git.kernel.org/stable/c/080e6c9a3908de193a48f646c5ce1bfb15676ffc •

CVSS: -EPSS: %CPEs: 6EXPL: 0

03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO gve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo() did not check for this case before dereferencing the returned pointer. Add a missing NULL check to prevent a potential NULL pointer dereference when allocation fails. This improves robustness in low-memory scenarios. • https://git.kernel.org/stable/c/a57e5de476be0b4b7f42beb6a21c19ad9c577aa3 •

CVSS: -EPSS: %CPEs: 7EXPL: 0

03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo_avx2: fix initial map fill If the first field doesn't cover the entire start map, then we must zero out the remainder, else we leak those bits into the next match round map. The early fix was incomplete and did only fix up the generic C implementation. A followup patch adds a test case to nft_concat_range.sh. • https://git.kernel.org/stable/c/957a4d1c4c5849e4515c9fb4db21bf85318103dc •

CVSS: -EPSS: %CPEs: 6EXPL: 0

03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the error handler ufshcd_err_handling_prepare() calls ufshcd_rpm_get_sync(). The latter function can only succeed if UFSHCD_EH_IN_PROGRESS is not set because resuming involves submitting a SCSI command and ufshcd_queuecommand() returns SCSI_MLQUEUE_HOST_BUSY if UFSHCD_EH_IN_PROGRESS is set. Fix this hang by setting UFSHCD_EH_IN_PROGRESS after ufshcd_rpm_get_sync() has been called instead of before. Backtrace: ... • https://git.kernel.org/stable/c/62694735ca95c74dac4eb9068d59801ac0ddebaf •

CVSS: -EPSS: %CPEs: 5EXPL: 0

03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete This reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add to avoid crashes like bellow: ================================================================== BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406 Read of size 8 at addr ffff88801c53f318 by task kworker/u5:5/5341 CPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 Not ... • https://git.kernel.org/stable/c/66bd095ab5d408af106808cce302406542f70f65 •

CVSS: -EPSS: %CPEs: 4EXPL: 0

03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Protect mgmt_pending list with its own lock This uses a mutex to protect from concurrent access of mgmt_pending list which can cause crashes like: ================================================================== BUG: KASAN: slab-use-after-free in hci_sock_get_channel+0x60/0x68 net/bluetooth/hci_sock.c:91 Read of size 2 at addr ffff0000c48885b2 by task syz.4.334/7318 CPU: 0 UID: 0 PID: 7318 Comm: syz.4.334 Not tainted 6.15... • https://git.kernel.org/stable/c/a380b6cff1a2d2139772e88219d08330f84d0381 •

CVSS: -EPSS: %CPEs: 8EXPL: 0

03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: fix a potential crash on gso_skb handling SFQ has an assumption of always being able to queue at least one packet. However, after the blamed commit, sch->q.len can be inflated by packets in sch->gso_skb, and an enqueue() on an empty SFQ qdisc can be followed by an immediate drop. Fix sfq_drop() to properly clear q->tail in this situation. ip netns add lb ip link add dev to-lb type veth peer name in-lb netns lb ethtool -K... • https://git.kernel.org/stable/c/a53851e2c3218aa30b77abd6e68cf1c371f15afe •

CVSS: -EPSS: %CPEs: 5EXPL: 0

03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Fix NULL pointer dereference when nosmp is used With nosmp in cmdline, other CPUs are not brought up, leaving their cpc_desc_ptr NULL. CPU0's iteration via for_each_possible_cpu() dereferences these NULL pointers, causing panic. Panic backtrace: [ 0.401123] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8 ... [ 0.403255] [] cppc_allow_fast_switch+0x6a/0xd4 ... Kernel panic - ... • https://git.kernel.org/stable/c/3cc30dd00a580ca0c9c0b01639841cfd72d10129 •

CVSS: -EPSS: %CPEs: 7EXPL: 0

03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_readable() sk->sk_prot->sock_is_readable is a valid function pointer when sk resides in a sockmap. After the last sk_psock_put() (which usually happens when socket is removed from sockmap), sk->sk_prot gets restored and sk->sk_prot->sock_is_readable becomes NULL. This makes sk_is_readable() racy, if the value of sk->sk_prot is reloaded after the initial check. Which in turn may lead to a null pointer dereferen... • https://git.kernel.org/stable/c/8934ce2fd08171e8605f7fada91ee7619fe17ab8 •

CVSS: -EPSS: %CPEs: 7EXPL: 0

03 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via mdiobus, there is no verification of parameters passed to the ioctl and it accepts any mdio address. Currently there is support for 32 addresses in kernel via PHY_MAX_ADDR define, but it is possible to pass higher value than that via ioctl. While read/write operation sh... • https://git.kernel.org/stable/c/080bb352fad00d04995102f681b134e3754bfb6e •