The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArista Eos
OSArista4.20.1fx-virtual-routerCanonical Ubuntu
OSCanonical12.0414.04Debian
OSDebian7.08.0F5 Arx
APPF56.2.0 – 6.4.0Linux Kernel
OSLinux4.5 – 4.9.36 (bez)4.10 – 4.11 (bez)3.11 – 3.16.54 (bez)3.2 – 3.2.99 (bez)3.17 – 3.18.60 (bez)3.3 – 3.10.108 (bez)3.19 – 4.1.43 (bez)4.2 – 4.4.76 (bez)Openstack Cloud Magnum Orchestration
APPOpenstack7Opensuse Leap
OSOpensuse42.3Red Hat Enterprise Linux Desktop
OSRedhat6.07.0Red Hat Enterprise Linux Eus
OSRedhat7.37.47.67.7Red Hat Enterprise Linux For Real Time
OSRedhat7Red Hat Enterprise Linux For Real Time For Nfv
OSRedhat7Red Hat Enterprise Linux Server
OSRedhat6.07.0Red Hat Enterprise Linux Server Aus
OSRedhat7.37.47.67.7Red Hat Enterprise Linux Server Tus
OSRedhat7.37.47.67.7Red Hat Enterprise Linux Workstation
OSRedhat6.07.0Red Hat Mrg Realtime
APPRedhat2.0SUSE Caas Platform
APPSusewszystkie wersjeSUSE Linux Enterprise Debuginfo
APPSuse11SUSE Linux Enterprise Desktop
OSSuse12SUSE Linux Enterprise High Availability
OSSuse12SUSE Linux Enterprise High Availability Extension
OSSuse11SUSE Linux Enterprise Live Patching
OSSuse12SUSE Linux Enterprise Module For Public Cloud
APPSuse12SUSE Linux Enterprise Point Of Sale
APPSuse11SUSE Linux Enterprise Real Time Extension
OSSuse1112SUSE Linux Enterprise Server
OSSuse1112SUSE Linux Enterprise Software Development Kit
OSSuse1112SUSE Linux Enterprise Workstation Extension
OSSuse12SUSE Openstack Cloud
APPSuse6
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoSMemory
CWE
References
Related vulnerabilities
CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP