VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
No fix, workaround or mitigation extracted yet
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix MSG_ZEROCOPY pinned-pages accounting virtio_transport_init_zcopy_skb() uses iter->count as the size argument for msg_zerocopy_realloc(), which in turn passes it to mm_account_pinned_pages() for RLIMIT_MEMLOCK accounting. However, this function is called after virtio_transport_fill_skb() has already consumed the iterator via __zerocopy_sg_from_iter(), so on the last skb, iter->count will be 0, skipping the RLIMIT_MEMLOCK enforcement. Pass pkt_len (the total bytes being sent) as an explicit parameter to virtio_transport_init_zcopy_skb() instead of reading the already-consumed iter->count. This matches TCP and UDP, which both call msg_zerocopy_realloc() with the original message size. This vulnerability involves an accounting error in the `MSG_ZEROCOPY` pinned-pages mechanism, where the system's resource limit for locked memory (`RLIMIT_MEMLOCK`) may not be properly enforced. This could allow a local attacker or a malicious virtual machine guest to bypass memory locking restrictions, potentially leading to resource exhaustion or a denial of service (DoS) condition. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-911. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 9.
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: restrict several matches to inet family This is a partial revert of: commit ab4f21e6fb1c ("netfilter: xtables: use NFPROTO_UNSPEC in more extensions") to allow ipv4 and ipv6 only. - xt_mac - xt_owner - xt_physdev These extensions are not used by ebtables in userspace. Moreover, xt_realm is only for ipv4, since dst->tclassid is ipv4 specific. This vulnerability allowed certain network filtering rules, specifically those involving `xt_mac`, `xt_owner`, `xt_physdev`, and `xt_realm` matches, to be applied outside of their intended internet protocol (IPv4 and IPv6) contexts. This could enable an attacker to bypass established network security policies, potentially leading to unauthorized network access or unintended packet processing. Red Hat severity: Low — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-551. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Will not fix / out of support: Red Hat Enterprise Linux 6. Red Hat does not currently list a fixing RHSA for this CVE.
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix OOB in pcpu_init_value An out-of-bounds read occurs when copying element from a BPF_MAP_TYPE_CGROUP_STORAGE map to another pcpu map with the same value_size that is not rounded up to 8 bytes. The issue happens when: 1. A CGROUP_STORAGE map is created with value_size not aligned to 8 bytes (e.g., 4 bytes) 2. This vulnerability, located in the BPF (Berkeley Packet Filter) subsystem, involves an out-of-bounds read when data is copied between specific types of BPF maps. The system incorrectly handles data sizes that are not aligned to a specific memory boundary, causing it to read beyond the intended memory area. A local attacker could potentially exploit this issue to cause a system crash (denial of service) or gain access to sensitive information. Red Hat severity: Moderate — CVSS 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Weakness: CWE-805. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Red Hat does not currently list a fixing RHSA for this CVE.
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic kvm_s390_pci_aif_enable(), kvm_s390_pci_aif_disable(), and aen_host_forward() index the GAIT by manually multiplying the index with sizeof(struct zpci_gaite). Since aift->gait is already a struct zpci_gaite pointer, this double-scales the offset, accessing element aisb*16 instead of aisb. This causes out-of-bounds accesses when aisb >= 32 (with ZPCI_NR_DEVICES=512) Fix by removing the erroneous sizeof multiplication. A flaw was found in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem, specifically affecting s390 PCI devices. This vulnerability arises from incorrect pointer arithmetic during the indexing of the Guest Access Instruction Table (GAIT), leading to out-of-bounds memory access. A local attacker or a malicious guest operating system could exploit this to read or write data beyond allocated memory boundaries, potentially causing system instability or a denial of service. Red Hat severity: Moderate — CVSS 6.4 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H). Weakness: CWE-468. Affected Red Hat products: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9. Red Hat does not currently list a fixing RHSA for this CVE.
In the Linux kernel, the following vulnerability has been resolved: pppoe: drop PFC frames RFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the current PPPoE driver assumes an uncompressed (2-byte) protocol field. However, the generic PPP layer function ppp_input() is not aware of the negotiation result, and still accepts PFC frames. If a peer with a broken implementation or an attacker sends a frame with a compressed (1-byte) protocol field, the subsequent PPP payload is shifted by one byte. This causes the network header to be 4-byte misaligned, which may trigger unaligned access exceptions on some architectures. Introduce ppp_skb_is_compressed_proto() helper function to be used in both ppp_generic.c and pppoe.c to avoid open-coding. A flaw was found in the Linux kernel's Point-to-Point Protocol over Ethernet (PPPoE) driver. A remote attacker or a peer with a misconfigured implementation could send specially crafted Protocol Field Compression (PFC) frames. This could lead to a one-byte shift in the PPP payload, causing a four-byte misalignment of the network header. On certain architectures, this misalignment may trigger unaligned access exceptions, potentially leading to a denial of service or system instability.
Fix abuse of kprobe_write_ctx via freplace. Red Hat rates this moderate (CVSS 6.4). Weakness: CWE-94.
prevent uninitialized lcn caused by zero len. Red Hat rates this moderate. Weakness: CWE-824.
fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF. Red Hat rates this low (CVSS 5.5). Weakness: CWE-131.
Fix RCU stall in bpf_fd_array_map_clear(). Red Hat rates this low (CVSS 5.5). Weakness: CWE-820.
wake raid456 reshape waiters before suspend. Red Hat rates this low (CVSS 5.5). Weakness: CWE-833.
fix queue limit check to include reordered packets. Red Hat rates this low (CVSS 5.5). Weakness: CWE-770.
Fix ld_{abs,ind} failure path analysis in subprogs. Red Hat rates this moderate (CVSS 6.4). Weakness: CWE-253.
prevent NULL vif dereference in mt7925_mac_write_txwi. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-476.
fix skb memory leak in deferred qdisc drops. Red Hat rates this moderate. Weakness: CWE-772.
fix NULL dereference of "old" filters before change(). Red Hat rates this low (CVSS 5.5). Weakness: CWE-476.
fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-131.
fix deadlock between reflink and transaction commit when using flushoncommit. Red Hat rates this moderate (CVSS 5.5).
Fix incorrect ARRAY_SIZE in fabric lookup tables. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-131.
Enforce regsafe base id consistency for BPF_ADD_CONST scalars. Red Hat rates this moderate (CVSS 6.4). Weakness: CWE-386.
return VMA snapshot from task_vma iterator. Red Hat rates this moderate (CVSS 5.5). Weakness: CWE-833.