Количество 35
Количество 35
CVE-2025-71066
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_change`. It leads to UAF on `struct Qdisc` object. Attacker requires the capability to create new user and network namespace in order to trigger the bug. See my additional commentary at the end of the analysis. Analysis: static int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt, struct netlink_ext_ack *extack) { ... // (1) this lock is preventing .change handler (`ets_qdisc_change`) //to race with .dequeue handler (`ets_qdisc_dequeue`) sch_tree_lock(sch); for (i = nbands; i < oldbands; i++) { if (i >= q->nstrict && q->classes[i].qdisc->q.qlen) list_del_init(&q->classes[i].alist); qdisc_purge_queue(q->classes[i].qdisc); } WRITE_ONCE(q->nbands, nbands); for (i = nstrict; i < q->nstrict; i++) { if (q->class...
CVE-2025-71066
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_change`. It leads to UAF on `struct Qdisc` object. Attacker requires the capability to create new user and network namespace in order to trigger the bug. See my additional commentary at the end of the analysis. Analysis: static int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt, struct netlink_ext_ack *extack) { ... // (1) this lock is preventing .change handler (`ets_qdisc_change`) //to race with .dequeue handler (`ets_qdisc_dequeue`) sch_tree_lock(sch); for (i = nbands; i < oldbands; i++) { if (i >= q->nstrict && q->classes[i].qdisc->q.qlen) list_del_init(&q->classes[i].alist); qdisc_purge_queue(q->classes[i].qdisc); } WRITE_ONCE(q->nbands, nbands); for (i = nstrict; i < q->nstrict; i++) { if (q->class...
CVE-2025-71066
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_change`. It leads to UAF on `struct Qdisc` object. Attacker requires the capability to create new user and network namespace in order to trigger the bug. See my additional commentary at the end of the analysis. Analysis: static int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt, struct netlink_ext_ack *extack) { ... // (1) this lock is preventing .change handler (`ets_qdisc_change`) //to race with .dequeue handler (`ets_qdisc_dequeue`) sch_tree_lock(sch); for (i = nbands; i < oldbands; i++) { if (i >= q->nstrict && q->classes[i].qdisc->q.qlen) list_del_init(&q->classes[i].alist); qdisc_purge_queue(q->c
CVE-2025-71066
net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
CVE-2025-71066
In the Linux kernel, the following vulnerability has been resolved: n ...
GHSA-m4cc-c4jq-h2wr
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_change`. It leads to UAF on `struct Qdisc` object. Attacker requires the capability to create new user and network namespace in order to trigger the bug. See my additional commentary at the end of the analysis. Analysis: static int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt, struct netlink_ext_ack *extack) { ... // (1) this lock is preventing .change handler (`ets_qdisc_change`) //to race with .dequeue handler (`ets_qdisc_dequeue`) sch_tree_lock(sch); for (i = nbands; i < oldbands; i++) { if (i >= q->nstrict && q->classes[i].qdisc->q.qlen) list_del_init(&q->classes[i].alist); qdisc_purge_queue(q...
SUSE-SU-2026:1801-1
Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1735-1
Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1698-1
Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)
SUSE-SU-2026:1691-1
Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7)
SUSE-SU-2026:1787-1
Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1770-1
Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:1728-1
Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1710-1
Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)
SUSE-SU-2026:1694-1
Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)
SUSE-SU-2026:1686-1
Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 15 SP7)
SUSE-SU-2026:1804-1
Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:1798-1
Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:1793-1
Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:1776-1
Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-71066 In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_change`. It leads to UAF on `struct Qdisc` object. Attacker requires the capability to create new user and network namespace in order to trigger the bug. See my additional commentary at the end of the analysis. Analysis: static int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt, struct netlink_ext_ack *extack) { ... // (1) this lock is preventing .change handler (`ets_qdisc_change`) //to race with .dequeue handler (`ets_qdisc_dequeue`) sch_tree_lock(sch); for (i = nbands; i < oldbands; i++) { if (i >= q->nstrict && q->classes[i].qdisc->q.qlen) list_del_init(&q->classes[i].alist); qdisc_purge_queue(q->classes[i].qdisc); } WRITE_ONCE(q->nbands, nbands); for (i = nstrict; i < q->nstrict; i++) { if (q->class... | 0% Низкий | 5 месяцев назад | |
 | CVE-2025-71066 In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_change`. It leads to UAF on `struct Qdisc` object. Attacker requires the capability to create new user and network namespace in order to trigger the bug. See my additional commentary at the end of the analysis. Analysis: static int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt, struct netlink_ext_ack *extack) { ... // (1) this lock is preventing .change handler (`ets_qdisc_change`) //to race with .dequeue handler (`ets_qdisc_dequeue`) sch_tree_lock(sch); for (i = nbands; i < oldbands; i++) { if (i >= q->nstrict && q->classes[i].qdisc->q.qlen) list_del_init(&q->classes[i].alist); qdisc_purge_queue(q->classes[i].qdisc); } WRITE_ONCE(q->nbands, nbands); for (i = nstrict; i < q->nstrict; i++) { if (q->class... | CVSS3: 6.2 | 0% Низкий | 5 месяцев назад |
 | CVE-2025-71066 In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_change`. It leads to UAF on `struct Qdisc` object. Attacker requires the capability to create new user and network namespace in order to trigger the bug. See my additional commentary at the end of the analysis. Analysis: static int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt, struct netlink_ext_ack *extack) { ... // (1) this lock is preventing .change handler (`ets_qdisc_change`) //to race with .dequeue handler (`ets_qdisc_dequeue`) sch_tree_lock(sch); for (i = nbands; i < oldbands; i++) { if (i >= q->nstrict && q->classes[i].qdisc->q.qlen) list_del_init(&q->classes[i].alist); qdisc_purge_queue(q->c | 0% Низкий | 5 месяцев назад | |
 | CVE-2025-71066 net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change | CVSS3: 9.8 | 0% Низкий | 4 месяца назад |
| CVE-2025-71066 In the Linux kernel, the following vulnerability has been resolved: n ... | 0% Низкий | 5 месяцев назад | |
| GHSA-m4cc-c4jq-h2wr In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_change`. It leads to UAF on `struct Qdisc` object. Attacker requires the capability to create new user and network namespace in order to trigger the bug. See my additional commentary at the end of the analysis. Analysis: static int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt, struct netlink_ext_ack *extack) { ... // (1) this lock is preventing .change handler (`ets_qdisc_change`) //to race with .dequeue handler (`ets_qdisc_dequeue`) sch_tree_lock(sch); for (i = nbands; i < oldbands; i++) { if (i >= q->nstrict && q->classes[i].qdisc->q.qlen) list_del_init(&q->classes[i].alist); qdisc_purge_queue(q... | 0% Низкий | 5 месяцев назад | |
 | SUSE-SU-2026:1801-1 Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6) | около 1 месяца назад | ||
| SUSE-SU-2026:1735-1 Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6) | около 2 месяцев назад | ||
| SUSE-SU-2026:1698-1 Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7) | около 2 месяцев назад | ||
| SUSE-SU-2026:1691-1 Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7) | около 2 месяцев назад | ||
| SUSE-SU-2026:1787-1 Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6) | около 1 месяца назад | ||
| SUSE-SU-2026:1770-1 Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5) | около 1 месяца назад | ||
| SUSE-SU-2026:1728-1 Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise 15 SP6) | около 2 месяцев назад | ||
| SUSE-SU-2026:1710-1 Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7) | около 2 месяцев назад | ||
| SUSE-SU-2026:1694-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7) | около 2 месяцев назад | ||
| SUSE-SU-2026:1686-1 Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 15 SP7) | около 2 месяцев назад | ||
| SUSE-SU-2026:1804-1 Security update for the Linux Kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5) | около 1 месяца назад | ||
| SUSE-SU-2026:1798-1 Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5) | около 1 месяца назад | ||
| SUSE-SU-2026:1793-1 Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise 15 SP6) | около 1 месяца назад | ||
| SUSE-SU-2026:1776-1 Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6) | около 1 месяца назад |
Уязвимостей на страницу