You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
tipc
About this tag
The tag 'tipc' covers discussions about the Transparent Inter-Process Communication (TIPC) protocol in the Linux kernel, focusing on security vulnerabilities and bug fixes. Recent threads detail several CVEs affecting TIPC, including a deadlock (CVE-2024-0641), a memory leak (CVE-2025-37757), a null-pointer dereference (CVE-2025-38184), and a use-after-free (CVE-2025-40280). These issues can lead to denial of service or kernel memory exhaustion. The content also addresses Microsoft's Azure Linux as a confirmed carrier of the vulnerable code and explains how VEX/CSAF attestations work. Patches have been released upstream and backported by distributors.
A subtle bug in the Linux kernel’s TIPC subsystem — a double-locking condition in tipc_crypto_key_revoke() — can be driven into a kernel‑level deadlock that lets a local, authenticated user hang or crash a machine. The issue, tracked as CVE‑2024‑0641, is an availability‑only failure (denial of...
Microsoft’s advisory that Azure Linux is the product Microsoft has identified as shipping the affected library in CVE-2025-38184 is accurate — but it is not a technical guarantee that no other Microsoft product could include the same vulnerable code. The VEX/CSAF attestation Microsoft published...
A new Linux-kernel fix tracked as CVE-2025-37757 closes a straightforward but operationally meaningful bug in the Transparent Inter‑Process Communication (TIPC) transmit path: under backlog pressure the tipc_link_xmit() routine could return -ENOBUFS without purging an skb list, leaking memory...
The Linux kernel recently received a targeted patch addressing a use‑after‑free in the Transparent Inter‑Process Communication (TIPC) subsystem: CVE‑2025‑40280 — “tipc: Fix use‑after‑free in tipc_mon_reinit_self”. The bug, reported by syzbot and flagged by KASAN traces, arises because...