Vulnerability-Lookup

SUSE-SU-2026:0202-1

Vulnerability from csaf_suse - Published: 2026-01-21 14:35 - Updated: 2026-01-21 14:35

Summary

Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 15 SP7)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 15 SP7)

Description of the patch

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.11 fixes various security issues The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251787). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248670). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1250192). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).

Patchnames

SUSE-2026-202,SUSE-SLE-Module-Live-Patching-15-SP6-2026-202,SUSE-SLE-Module-Live-Patching-15-SP7-2026-205

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 15 SP7)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.11 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251787).\n- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248670).\n- CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1250192).\n- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-202,SUSE-SLE-Module-Live-Patching-15-SP6-2026-202,SUSE-SLE-Module-Live-Patching-15-SP7-2026-205",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0202-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:0202-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260202-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:0202-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023839.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1248670",
        "url": "https://bugzilla.suse.com/1248670"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1250192",
        "url": "https://bugzilla.suse.com/1250192"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1251787",
        "url": "https://bugzilla.suse.com/1251787"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1253437",
        "url": "https://bugzilla.suse.com/1253437"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-53676 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-53676/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-38608 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-38608/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-39682 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-39682/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-40204 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-40204/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 15 SP7)",
    "tracking": {
      "current_release_date": "2026-01-21T14:35:49Z",
      "generator": {
        "date": "2026-01-21T14:35:49Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:0202-1",
      "initial_release_date": "2026-01-21T14:35:49Z",
      "revision_history": [
        {
          "date": "2026-01-21T14:35:49Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
                  "product_id": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
                  "product_id": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
                  "product_id": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
                  "product_id": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
                  "product_id": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64",
                  "product_id": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP6",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP6",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP7",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x"
        },
        "product_reference": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64"
        },
        "product_reference": "kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP7",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP7",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x"
        },
        "product_reference": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64"
        },
        "product_reference": "kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-53676",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-53676"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()\n\nThe function lio_target_nacl_info_show() uses sprintf() in a loop to print\ndetails for every iSCSI connection in a session without checking for the\nbuffer length. With enough iSCSI connections it\u0027s possible to overflow the\nbuffer provided by configfs and corrupt the memory.\n\nThis patch replaces sprintf() with sysfs_emit_at() that checks for buffer\nboundries.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-53676",
          "url": "https://www.suse.com/security/cve/CVE-2023-53676"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251786 for CVE-2023-53676",
          "url": "https://bugzilla.suse.com/1251786"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1251787 for CVE-2023-53676",
          "url": "https://bugzilla.suse.com/1251787"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-21T14:35:49Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-53676"
    },
    {
      "cve": "CVE-2025-38608",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-38608"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls\n\nWhen sending plaintext data, we initially calculated the corresponding\nciphertext length. However, if we later reduced the plaintext data length\nvia socket policy, we failed to recalculate the ciphertext length.\n\nThis results in transmitting buffers containing uninitialized data during\nciphertext transmission.\n\nThis causes uninitialized bytes to be appended after a complete\n\"Application Data\" packet, leading to errors on the receiving end when\nparsing TLS record.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-38608",
          "url": "https://www.suse.com/security/cve/CVE-2025-38608"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1248338 for CVE-2025-38608",
          "url": "https://bugzilla.suse.com/1248338"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1248670 for CVE-2025-38608",
          "url": "https://bugzilla.suse.com/1248670"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-21T14:35:49Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-38608"
    },
    {
      "cve": "CVE-2025-39682",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-39682"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix handling of zero-length records on the rx_list\n\nEach recvmsg() call must process either\n - only contiguous DATA records (any number of them)\n - one non-DATA record\n\nIf the next record has different type than what has already been\nprocessed we break out of the main processing loop. If the record\nhas already been decrypted (which may be the case for TLS 1.3 where\nwe don\u0027t know type until decryption) we queue the pending record\nto the rx_list. Next recvmsg() will pick it up from there.\n\nQueuing the skb to rx_list after zero-copy decrypt is not possible,\nsince in that case we decrypted directly to the user space buffer,\nand we don\u0027t have an skb to queue (darg.skb points to the ciphertext\nskb for access to metadata like length).\n\nOnly data records are allowed zero-copy, and we break the processing\nloop after each non-data record. So we should never zero-copy and\nthen find out that the record type has changed. The corner case\nwe missed is when the initial record comes from rx_list, and it\u0027s\nzero length.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-39682",
          "url": "https://www.suse.com/security/cve/CVE-2025-39682"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249284 for CVE-2025-39682",
          "url": "https://bugzilla.suse.com/1249284"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1250192 for CVE-2025-39682",
          "url": "https://bugzilla.suse.com/1250192"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-21T14:35:49Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-39682"
    },
    {
      "cve": "CVE-2025-40204",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-40204"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-40204",
          "url": "https://www.suse.com/security/cve/CVE-2025-40204"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1253436 for CVE-2025-40204",
          "url": "https://bugzilla.suse.com/1253436"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1253437 for CVE-2025-40204",
          "url": "https://bugzilla.suse.com/1253437"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_65-default-5-150600.2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_11-default-5-150700.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-21T14:35:49Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-40204"
    }
  ]
}

CVE-2025-39682 (GCVE-0-2025-39682)

Vulnerability from cvelistv5 – Published: 2025-09-05 17:20 – Updated: 2025-11-03 17:42

Title

tls: fix handling of zero-length records on the rx_list

Summary

In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type than what has already been processed we break out of the main processing loop. If the record has already been decrypted (which may be the case for TLS 1.3 where we don't know type until decryption) we queue the pending record to the rx_list. Next recvmsg() will pick it up from there. Queuing the skb to rx_list after zero-copy decrypt is not possible, since in that case we decrypted directly to the user space buffer, and we don't have an skb to queue (darg.skb points to the ciphertext skb for access to metadata like length). Only data records are allowed zero-copy, and we break the processing loop after each non-data record. So we should never zero-copy and then find out that the record type has changed. The corner case we missed is when the initial record comes from rx_list, and it's zero length.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2902c3ebcca52ca84…
	https://git.kernel.org/stable/c/c09dd3773b5950e9c…
	https://git.kernel.org/stable/c/3439c15ae91a517cf…
	https://git.kernel.org/stable/c/29c0ce3c8cdb6dc5d…
	https://git.kernel.org/stable/c/62708b9452f8eb775…

Impacted products

Vendor

Product

Version

Linux

Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < 2902c3ebcca52ca845c03182000e8d71d3a5196f (git)
Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < c09dd3773b5950e9cfb6c9b9a5f6e36d06c62677 (git)
Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < 3439c15ae91a517cf3c650ea15a8987699416ad9 (git)
Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < 29c0ce3c8cdb6dc5d61139c937f34cb888a6f42e (git)
Affected: 84c61fe1a75b4255df1e1e7c054c9e6d048da417 , < 62708b9452f8eb77513115b17c4f8d1a22ebf843 (git)

Linux

Affected: 6.0
Unaffected: 0 , < 6.0 (semver)
Unaffected: 6.1.149 , ≤ 6.1.* (semver)
Unaffected: 6.6.103 , ≤ 6.6.* (semver)
Unaffected: 6.12.44 , ≤ 6.12.* (semver)
Unaffected: 6.16.4 , ≤ 6.16.* (semver)
Unaffected: 6.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:42:13.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tls/tls_sw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2902c3ebcca52ca845c03182000e8d71d3a5196f",
              "status": "affected",
              "version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
              "versionType": "git"
            },
            {
              "lessThan": "c09dd3773b5950e9cfb6c9b9a5f6e36d06c62677",
              "status": "affected",
              "version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
              "versionType": "git"
            },
            {
              "lessThan": "3439c15ae91a517cf3c650ea15a8987699416ad9",
              "status": "affected",
              "version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
              "versionType": "git"
            },
            {
              "lessThan": "29c0ce3c8cdb6dc5d61139c937f34cb888a6f42e",
              "status": "affected",
              "version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
              "versionType": "git"
            },
            {
              "lessThan": "62708b9452f8eb77513115b17c4f8d1a22ebf843",
              "status": "affected",
              "version": "84c61fe1a75b4255df1e1e7c054c9e6d048da417",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tls/tls_sw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.103",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.44",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.149",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.103",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.44",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.4",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix handling of zero-length records on the rx_list\n\nEach recvmsg() call must process either\n - only contiguous DATA records (any number of them)\n - one non-DATA record\n\nIf the next record has different type than what has already been\nprocessed we break out of the main processing loop. If the record\nhas already been decrypted (which may be the case for TLS 1.3 where\nwe don\u0027t know type until decryption) we queue the pending record\nto the rx_list. Next recvmsg() will pick it up from there.\n\nQueuing the skb to rx_list after zero-copy decrypt is not possible,\nsince in that case we decrypted directly to the user space buffer,\nand we don\u0027t have an skb to queue (darg.skb points to the ciphertext\nskb for access to metadata like length).\n\nOnly data records are allowed zero-copy, and we break the processing\nloop after each non-data record. So we should never zero-copy and\nthen find out that the record type has changed. The corner case\nwe missed is when the initial record comes from rx_list, and it\u0027s\nzero length."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:57:19.459Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2902c3ebcca52ca845c03182000e8d71d3a5196f"
        },
        {
          "url": "https://git.kernel.org/stable/c/c09dd3773b5950e9cfb6c9b9a5f6e36d06c62677"
        },
        {
          "url": "https://git.kernel.org/stable/c/3439c15ae91a517cf3c650ea15a8987699416ad9"
        },
        {
          "url": "https://git.kernel.org/stable/c/29c0ce3c8cdb6dc5d61139c937f34cb888a6f42e"
        },
        {
          "url": "https://git.kernel.org/stable/c/62708b9452f8eb77513115b17c4f8d1a22ebf843"
        }
      ],
      "title": "tls: fix handling of zero-length records on the rx_list",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39682",
    "datePublished": "2025-09-05T17:20:48.657Z",
    "dateReserved": "2025-04-16T07:20:57.113Z",
    "dateUpdated": "2025-11-03T17:42:13.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-38608 (GCVE-0-2025-38608)

Vulnerability from cvelistv5 – Published: 2025-08-19 17:03 – Updated: 2025-11-03 17:40

Title

bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket policy, we failed to recalculate the ciphertext length. This results in transmitting buffers containing uninitialized data during ciphertext transmission. This causes uninitialized bytes to be appended after a complete "Application Data" packet, leading to errors on the receiving end when parsing TLS record.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6ba20ff3cdb96a908…
	https://git.kernel.org/stable/c/849d24dc5aed45ebe…
	https://git.kernel.org/stable/c/73fc5d04009d3969f…
	https://git.kernel.org/stable/c/16aca8bb4ad0d8a13…
	https://git.kernel.org/stable/c/0e853c1464bcf6120…
	https://git.kernel.org/stable/c/ee03766d79de0f61e…
	https://git.kernel.org/stable/c/90d6ef67440cec2a0…
	https://git.kernel.org/stable/c/1e480387d4b42776f…
	https://git.kernel.org/stable/c/178f6a5c8cb3b6be1…

Impacted products

Vendor

Product

Version

Linux

Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < 6ba20ff3cdb96a908b9dc93cf247d0b087672e7c (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < 849d24dc5aed45ebeb3490df429356739256ac40 (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < 73fc5d04009d3969ff8e8574f0fd769f04124e59 (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < 16aca8bb4ad0d8a13c8b6da4007f4e52d53035bb (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < 0e853c1464bcf61207f8b5c32d2ac5ee495e859d (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < ee03766d79de0f61ea29ffb6ab1c7b196ea1b02e (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < 90d6ef67440cec2a0aad71a0108c8f216437345c (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < 1e480387d4b42776f8957fb148af9d75ce93b96d (git)
Affected: 7246d8ed4dcce23f7509949a77be15fa9f0e3d28 , < 178f6a5c8cb3b6be1602de0964cd440243f493c9 (git)

Linux

Affected: 5.0
Unaffected: 0 , < 5.0 (semver)
Unaffected: 5.4.297 , ≤ 5.4.* (semver)
Unaffected: 5.10.241 , ≤ 5.10.* (semver)
Unaffected: 5.15.190 , ≤ 5.15.* (semver)
Unaffected: 6.1.148 , ≤ 6.1.* (semver)
Unaffected: 6.6.102 , ≤ 6.6.* (semver)
Unaffected: 6.12.42 , ≤ 6.12.* (semver)
Unaffected: 6.15.10 , ≤ 6.15.* (semver)
Unaffected: 6.16.1 , ≤ 6.16.* (semver)
Unaffected: 6.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:40:21.692Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tls/tls_sw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6ba20ff3cdb96a908b9dc93cf247d0b087672e7c",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "849d24dc5aed45ebeb3490df429356739256ac40",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "73fc5d04009d3969ff8e8574f0fd769f04124e59",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "16aca8bb4ad0d8a13c8b6da4007f4e52d53035bb",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "0e853c1464bcf61207f8b5c32d2ac5ee495e859d",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "ee03766d79de0f61ea29ffb6ab1c7b196ea1b02e",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "90d6ef67440cec2a0aad71a0108c8f216437345c",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "1e480387d4b42776f8957fb148af9d75ce93b96d",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            },
            {
              "lessThan": "178f6a5c8cb3b6be1602de0964cd440243f493c9",
              "status": "affected",
              "version": "7246d8ed4dcce23f7509949a77be15fa9f0e3d28",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tls/tls_sw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.297",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.148",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.102",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.42",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls\n\nWhen sending plaintext data, we initially calculated the corresponding\nciphertext length. However, if we later reduced the plaintext data length\nvia socket policy, we failed to recalculate the ciphertext length.\n\nThis results in transmitting buffers containing uninitialized data during\nciphertext transmission.\n\nThis causes uninitialized bytes to be appended after a complete\n\"Application Data\" packet, leading to errors on the receiving end when\nparsing TLS record."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:54:42.829Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6ba20ff3cdb96a908b9dc93cf247d0b087672e7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/849d24dc5aed45ebeb3490df429356739256ac40"
        },
        {
          "url": "https://git.kernel.org/stable/c/73fc5d04009d3969ff8e8574f0fd769f04124e59"
        },
        {
          "url": "https://git.kernel.org/stable/c/16aca8bb4ad0d8a13c8b6da4007f4e52d53035bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e853c1464bcf61207f8b5c32d2ac5ee495e859d"
        },
        {
          "url": "https://git.kernel.org/stable/c/ee03766d79de0f61ea29ffb6ab1c7b196ea1b02e"
        },
        {
          "url": "https://git.kernel.org/stable/c/90d6ef67440cec2a0aad71a0108c8f216437345c"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e480387d4b42776f8957fb148af9d75ce93b96d"
        },
        {
          "url": "https://git.kernel.org/stable/c/178f6a5c8cb3b6be1602de0964cd440243f493c9"
        }
      ],
      "title": "bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38608",
    "datePublished": "2025-08-19T17:03:51.688Z",
    "dateReserved": "2025-04-16T04:51:24.028Z",
    "dateUpdated": "2025-11-03T17:40:21.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40204 (GCVE-0-2025-40204)

Vulnerability from cvelistv5 – Published: 2025-11-12 21:56 – Updated: 2025-12-01 06:20

Title

sctp: Fix MAC comparison to be constant-time

Summary

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b93fa8dc521d00d2d…
	https://git.kernel.org/stable/c/0e8b8c326c2a6de4d…
	https://git.kernel.org/stable/c/1cd60e0d0fb8f0e62…
	https://git.kernel.org/stable/c/9c05d44ec24126fc2…
	https://git.kernel.org/stable/c/ed3044b9c810c5c24…
	https://git.kernel.org/stable/c/8019b3699289fce3f…
	https://git.kernel.org/stable/c/0b32ff285ff6f6f1a…
	https://git.kernel.org/stable/c/dd91c79e4f58fbe28…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b93fa8dc521d00d2d44bf034fb90e0d79b036617 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0e8b8c326c2a6de4d837b1bb034ea704f4690d77 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1cd60e0d0fb8f0e62ec4499138afce6342dc9d4c (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9c05d44ec24126fc283835b68f82dba3ae985209 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ed3044b9c810c5c24eb2830053fbfe5fd134c5d4 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8019b3699289fce3f10b63f98601db97b8d105b0 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0b32ff285ff6f6f1ac1d9495787ccce8837d6405 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < dd91c79e4f58fbe2898dac84858033700e0e99fb (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.4.301 , ≤ 5.4.* (semver)
Unaffected: 5.10.246 , ≤ 5.10.* (semver)
Unaffected: 5.15.195 , ≤ 5.15.* (semver)
Unaffected: 6.1.157 , ≤ 6.1.* (semver)
Unaffected: 6.6.113 , ≤ 6.6.* (semver)
Unaffected: 6.12.54 , ≤ 6.12.* (semver)
Unaffected: 6.17.4 , ≤ 6.17.* (semver)
Unaffected: 6.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sctp/sm_make_chunk.c",
            "net/sctp/sm_statefuns.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b93fa8dc521d00d2d44bf034fb90e0d79b036617",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0e8b8c326c2a6de4d837b1bb034ea704f4690d77",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1cd60e0d0fb8f0e62ec4499138afce6342dc9d4c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9c05d44ec24126fc283835b68f82dba3ae985209",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ed3044b9c810c5c24eb2830053fbfe5fd134c5d4",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8019b3699289fce3f10b63f98601db97b8d105b0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0b32ff285ff6f6f1ac1d9495787ccce8837d6405",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "dd91c79e4f58fbe2898dac84858033700e0e99fb",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sctp/sm_make_chunk.c",
            "net/sctp/sm_statefuns.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.301",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.246",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.195",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.301",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.246",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.195",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.157",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.113",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.54",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.4",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix MAC comparison to be constant-time\n\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T06:20:07.600Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b93fa8dc521d00d2d44bf034fb90e0d79b036617"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e8b8c326c2a6de4d837b1bb034ea704f4690d77"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cd60e0d0fb8f0e62ec4499138afce6342dc9d4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c05d44ec24126fc283835b68f82dba3ae985209"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed3044b9c810c5c24eb2830053fbfe5fd134c5d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/8019b3699289fce3f10b63f98601db97b8d105b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/0b32ff285ff6f6f1ac1d9495787ccce8837d6405"
        },
        {
          "url": "https://git.kernel.org/stable/c/dd91c79e4f58fbe2898dac84858033700e0e99fb"
        }
      ],
      "title": "sctp: Fix MAC comparison to be constant-time",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40204",
    "datePublished": "2025-11-12T21:56:35.110Z",
    "dateReserved": "2025-04-16T07:20:57.179Z",
    "dateUpdated": "2025-12-01T06:20:07.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-53676 (GCVE-0-2023-53676)

Vulnerability from cvelistv5 – Published: 2025-10-07 15:21 – Updated: 2026-01-05 10:21

Title

scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in a session without checking for the buffer length. With enough iSCSI connections it's possible to overflow the buffer provided by configfs and corrupt the memory. This patch replaces sprintf() with sysfs_emit_at() that checks for buffer boundries.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/df349e84c2cb0dd05…
	https://git.kernel.org/stable/c/114b44dddea1f8f99…
	https://git.kernel.org/stable/c/2cbe6a88fbdd6e8ae…
	https://git.kernel.org/stable/c/bbe3ff47bf09db895…
	https://git.kernel.org/stable/c/5353df78c22623b42…
	https://git.kernel.org/stable/c/4738bf8b2d3635c29…
	https://git.kernel.org/stable/c/0cac6cbb990830935…
	https://git.kernel.org/stable/c/801f287c93ff95582…

Impacted products

Vendor

Product

Version

Linux

Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < df349e84c2cb0dd05d98c8e1189c26ab4b116083 (git)
Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < 114b44dddea1f8f99576de3c0e6e9059012002fc (git)
Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < 2cbe6a88fbdd6e8aeab358eef61472e2de43d6f6 (git)
Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < bbe3ff47bf09db8956bc2eeb49d2d514d256ad2a (git)
Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < 5353df78c22623b42a71d51226d228a8413097e2 (git)
Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < 4738bf8b2d3635c2944b81b2a84d97b8c8b0978d (git)
Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < 0cac6cbb9908309352a5d30c1876882771d3da50 (git)
Affected: e48354ce078c079996f89d715dfa44814b4eba01 , < 801f287c93ff95582b0a2d2163f12870a2f076d4 (git)

Linux

Affected: 3.1
Unaffected: 0 , < 3.1 (semver)
Unaffected: 4.14.326 , ≤ 4.14.* (semver)
Unaffected: 4.19.295 , ≤ 4.19.* (semver)
Unaffected: 5.4.257 , ≤ 5.4.* (semver)
Unaffected: 5.10.197 , ≤ 5.10.* (semver)
Unaffected: 5.15.133 , ≤ 5.15.* (semver)
Unaffected: 6.1.55 , ≤ 6.1.* (semver)
Unaffected: 6.5.5 , ≤ 6.5.* (semver)
Unaffected: 6.6 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/target/iscsi/iscsi_target_configfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "df349e84c2cb0dd05d98c8e1189c26ab4b116083",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            },
            {
              "lessThan": "114b44dddea1f8f99576de3c0e6e9059012002fc",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            },
            {
              "lessThan": "2cbe6a88fbdd6e8aeab358eef61472e2de43d6f6",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            },
            {
              "lessThan": "bbe3ff47bf09db8956bc2eeb49d2d514d256ad2a",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            },
            {
              "lessThan": "5353df78c22623b42a71d51226d228a8413097e2",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            },
            {
              "lessThan": "4738bf8b2d3635c2944b81b2a84d97b8c8b0978d",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            },
            {
              "lessThan": "0cac6cbb9908309352a5d30c1876882771d3da50",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            },
            {
              "lessThan": "801f287c93ff95582b0a2d2163f12870a2f076d4",
              "status": "affected",
              "version": "e48354ce078c079996f89d715dfa44814b4eba01",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/target/iscsi/iscsi_target_configfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "lessThan": "3.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.326",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.295",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.257",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.197",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.133",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.326",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.295",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.257",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.197",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.133",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.55",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.5",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()\n\nThe function lio_target_nacl_info_show() uses sprintf() in a loop to print\ndetails for every iSCSI connection in a session without checking for the\nbuffer length. With enough iSCSI connections it\u0027s possible to overflow the\nbuffer provided by configfs and corrupt the memory.\n\nThis patch replaces sprintf() with sysfs_emit_at() that checks for buffer\nboundries."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:21:49.841Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/df349e84c2cb0dd05d98c8e1189c26ab4b116083"
        },
        {
          "url": "https://git.kernel.org/stable/c/114b44dddea1f8f99576de3c0e6e9059012002fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/2cbe6a88fbdd6e8aeab358eef61472e2de43d6f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/bbe3ff47bf09db8956bc2eeb49d2d514d256ad2a"
        },
        {
          "url": "https://git.kernel.org/stable/c/5353df78c22623b42a71d51226d228a8413097e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/4738bf8b2d3635c2944b81b2a84d97b8c8b0978d"
        },
        {
          "url": "https://git.kernel.org/stable/c/0cac6cbb9908309352a5d30c1876882771d3da50"
        },
        {
          "url": "https://git.kernel.org/stable/c/801f287c93ff95582b0a2d2163f12870a2f076d4"
        }
      ],
      "title": "scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53676",
    "datePublished": "2025-10-07T15:21:31.757Z",
    "dateReserved": "2025-10-07T15:16:59.664Z",
    "dateUpdated": "2026-01-05T10:21:49.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:0202-1

CVE-2025-39682 (GCVE-0-2025-39682)

CVE-2025-38608 (GCVE-0-2025-38608)

CVE-2025-40204 (GCVE-0-2025-40204)

CVE-2023-53676 (GCVE-0-2023-53676)

Tags

Sightings

Nomenclature