Количество 112
Количество 112
GHSA-vwv2-838r-2q6p
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close(). syzbot reported a null-ptr-deref in tipc_conn_close() during netns dismantle. [0] tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls tipc_conn_close() for each tipc_conn. The problem is that tipc_conn_close() is called after releasing the IDR lock. At the same time, there might be tipc_conn_recv_work() running and it could call tipc_conn_close() for the same tipc_conn and release its last ->kref. Once we release the IDR lock in tipc_topsrv_stop(), there is no guarantee that the tipc_conn is alive. Let's hold the ref before releasing the lock and put the ref after tipc_conn_close() in tipc_topsrv_stop(). [0]: BUG: KASAN: use-after-free in tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165 Read of size 8 at addr ffff888099305a08 by task kworker/u4:3/435 CPU: 0 PID: 435 Comm: kworker/u4:3 Not tainted 4.19.204-syzkaller #0 Hardware name: Google Go...
BDU:2025-09817
Уязвимость функции tipc_conn_close() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2025:03580-1
Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3)
SUSE-SU-2025:03571-1
Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
SUSE-SU-2025:03557-1
Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)
SUSE-SU-2025:03553-1
Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5)
SUSE-SU-2025:03548-1
Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4)
SUSE-SU-2025:03539-1
Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4)
SUSE-SU-2025:03514-1
Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3)
SUSE-SU-2025:03503-1
Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
SUSE-SU-2025:03469-1
Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP6)
SUSE-SU-2025:03566-1
Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
SUSE-SU-2025:03494-1
Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)
SUSE-SU-2025:03468-1
Security update for the Linux Kernel RT (Live Patch 4 for SLE 15 SP6)
SUSE-SU-2025:03465-1
Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)
ELSA-2025-17161
ELSA-2025-17161: kernel security update (MODERATE)
ELSA-2025-15648
ELSA-2025-15648: kernel security update (IMPORTANT)
ELSA-2025-15661
ELSA-2025-15661: kernel security update (IMPORTANT)
ELSA-2025-15782
ELSA-2025-15782: kernel security update (MODERATE)
SUSE-SU-2025:03310-1
Security update for the Linux Kernel
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-vwv2-838r-2q6p In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close(). syzbot reported a null-ptr-deref in tipc_conn_close() during netns dismantle. [0] tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls tipc_conn_close() for each tipc_conn. The problem is that tipc_conn_close() is called after releasing the IDR lock. At the same time, there might be tipc_conn_recv_work() running and it could call tipc_conn_close() for the same tipc_conn and release its last ->kref. Once we release the IDR lock in tipc_topsrv_stop(), there is no guarantee that the tipc_conn is alive. Let's hold the ref before releasing the lock and put the ref after tipc_conn_close() in tipc_topsrv_stop(). [0]: BUG: KASAN: use-after-free in tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165 Read of size 8 at addr ffff888099305a08 by task kworker/u4:3/435 CPU: 0 PID: 435 Comm: kworker/u4:3 Not tainted 4.19.204-syzkaller #0 Hardware name: Google Go... | 0% Низкий | 3 месяца назад | |
 | BDU:2025-09817 Уязвимость функции tipc_conn_close() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.3 | 0% Низкий | 4 месяца назад |
 | SUSE-SU-2025:03580-1 Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3) | 23 дня назад | ||
| SUSE-SU-2025:03571-1 Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6) | 24 дня назад | ||
| SUSE-SU-2025:03557-1 Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5) | 24 дня назад | ||
| SUSE-SU-2025:03553-1 Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP5) | 24 дня назад | ||
| SUSE-SU-2025:03548-1 Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP4) | 25 дней назад | ||
| SUSE-SU-2025:03539-1 Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP4) | 25 дней назад | ||
| SUSE-SU-2025:03514-1 Security update for the Linux Kernel (Live Patch 50 for SLE 15 SP3) | 27 дней назад | ||
| SUSE-SU-2025:03503-1 Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3) | 27 дней назад | ||
| SUSE-SU-2025:03469-1 Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP6) | 29 дней назад | ||
| SUSE-SU-2025:03566-1 Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6) | 24 дня назад | ||
| SUSE-SU-2025:03494-1 Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6) | 28 дней назад | ||
| SUSE-SU-2025:03468-1 Security update for the Linux Kernel RT (Live Patch 4 for SLE 15 SP6) | 29 дней назад | ||
| SUSE-SU-2025:03465-1 Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6) | 29 дней назад | ||
| ELSA-2025-17161 ELSA-2025-17161: kernel security update (MODERATE) | 16 дней назад | ||
| ELSA-2025-15648 ELSA-2025-15648: kernel security update (IMPORTANT) | около 1 месяца назад | ||
| ELSA-2025-15661 ELSA-2025-15661: kernel security update (IMPORTANT) | около 2 месяцев назад | ||
| ELSA-2025-15782 ELSA-2025-15782: kernel security update (MODERATE) | около 2 месяцев назад | ||
| SUSE-SU-2025:03310-1 Security update for the Linux Kernel | около 1 месяца назад |
Уязвимостей на страницу