Canonical

Ubuntu 25.10

3177 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.25%
  • Veröffentlicht 03.04.2026 15:15:41
  • Zuletzt bearbeitet 20.05.2026 15:30:09

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user After commit ab4eedb790ca ("Bluetooth: L2CAP: Fix corrupted list in hci_chan_del"), l2cap_conn_del() uses conn->lock t...

  • EPSS 0.26%
  • Veröffentlicht 03.04.2026 15:15:41
  • Zuletzt bearbeitet 20.05.2026 15:27:46

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following trace caused by not dropping l2cap_conn reference when user->remove callback is called: [ 97.809249] l2cap_conn_free: ...

  • EPSS 0.12%
  • Veröffentlicht 03.04.2026 15:15:40
  • Zuletzt bearbeitet 26.05.2026 14:36:24

In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect syzkaller reported a bug [1], and the reproducer is available at [2]. ROSE sockets use four sk->sk_state ...

  • EPSS 0.13%
  • Veröffentlicht 03.04.2026 15:15:39
  • Zuletzt bearbeitet 26.05.2026 14:38:45

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() ctnetlink_dump_exp_ct() stores a conntrack pointer in cb->data for the netlink dump callback ctnetlink_exp_ct_du...

  • EPSS 0.3%
  • Veröffentlicht 03.04.2026 15:15:39
  • Zuletzt bearbeitet 26.05.2026 14:37:17

In the Linux kernel, the following vulnerability has been resolved: ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS Blamed commits forgot that vxlan/geneve use udp_tunnel[6]_xmit_skb() which call iptunnel_xmit_stats(). iptunnel_x...

  • EPSS 0.38%
  • Veröffentlicht 03.04.2026 15:15:38
  • Zuletzt bearbeitet 26.05.2026 14:40:03

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() sip_help_tcp() parses the SIP Content-Length header with simple_strtoul(), which returns unsigned l...

  • EPSS 0.45%
  • Veröffentlicht 03.04.2026 15:15:37
  • Zuletzt bearbeitet 26.05.2026 14:41:06

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case In decode_int(), the CONS case calls get_bits(bs, 2) to read a length value, then calls get_uint(bs, len) witho...

  • EPSS 0.12%
  • Veröffentlicht 03.04.2026 15:15:36
  • Zuletzt bearbeitet 26.05.2026 14:48:52

In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown A potential race condition exists in mana_hwc_destroy_channel() where hwc->caller_ctx is freed be...

  • EPSS 0.51%
  • Veröffentlicht 03.04.2026 15:15:36
  • Zuletzt bearbeitet 26.05.2026 14:43:03

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() In DecodeQ931(), the UserUserIE code path reads a 16-bit length from the packet, then decrements it by 1 to skip...

  • EPSS 0.09%
  • Veröffentlicht 03.04.2026 15:15:34
  • Zuletzt bearbeitet 26.05.2026 14:52:12

In the Linux kernel, the following vulnerability has been resolved: PM: runtime: Fix a race condition related to device removal The following code in pm_runtime_work() may dereference the dev->parent pointer after the parent device has been freed: ...