Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-06-09T12:20:56.689963+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/824a3eb6-0fa0-4689-97cf-f7bb7712c4c1/export 824a3eb6-0fa0-4689-97cf-f7bb7712c4c1 2026-06-09T12:20:57.053622+00:00 Automation user https://cvepremium.circl.lu/user/automation {"uuid": "824a3eb6-0fa0-4689-97cf-f7bb7712c4c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48936", "type": "seen", "source": "https://t.me/cvedetector/3893", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2022-48936 - Linux Kernel virtue_net IPVS IPip Tunnel GSO Vulnerability\", \n \"Content\": \"CVE ID : CVE-2022-48936 \nPublished : Aug. 22, 2024, 4:15 a.m. | 31\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ngso: do not skip outer ip header in case of ipip and net_failover \n \nWe encounter a tcp drop issue in our cloud environment. Packet GROed in \nhost forwards to a VM virtio_net nic with net_failover enabled. VM acts \nas a IPVS LB with ipip encapsulation. The full path like: \nhost gro -> vm virtio_net rx -> net_failover rx -> ipvs fullnat \n -> ipip encap -> net_failover tx -> virtio_net tx \n \nWhen net_failover transmits a ipip pkt (gso_type = 0x0103, which means \nSKB_GSO_TCPV4, SKB_GSO_DODGY and SKB_GSO_IPXIP4), there is no gso \ndid because it supports TSO and GSO_IPXIP4. But network_header points to \ninner ip header. \n \nCall Trace: \n tcp4_gso_segment ------> return NULL \n inet_gso_segment ------> inner iph, network_header points to \n ipip_gso_segment \n inet_gso_segment ------> outer iph \n skb_mac_gso_segment \n \nAfterwards virtio_net transmits the pkt, only inner ip header is modified. \nAnd the outer one just keeps unchanged. The pkt will be dropped in remote \nhost. \n \nCall Trace: \n inet_gso_segment ------> inner iph, outer iph is skipped \n skb_mac_gso_segment \n __skb_gso_segment \n validate_xmit_skb \n validate_xmit_skb_list \n sch_direct_xmit \n __qdisc_run \n __dev_queue_xmit ------> virtio_net \n dev_hard_start_xmit \n __dev_queue_xmit ------> net_failover \n ip_finish_output2 \n ip_output \n iptunnel_xmit \n ip_tunnel_xmit \n ipip_tunnel_xmit ------> ipip \n dev_hard_start_xmit \n __dev_queue_xmit \n ip_finish_output2 \n ip_output \n ip_forward \n ip_rcv \n __netif_receive_skb_one_core \n netif_receive_skb_internal \n napi_gro_receive \n receive_buf \n virtnet_poll \n net_rx_action \n \nThe root cause of this issue is specific with the rare combination of \nSKB_GSO_DODGY and a tunnel device that adds an SKB_GSO_ tunnel option. \nSKB_GSO_DODGY is set from external virtio_net. We need to reset network \nheader when callbacks.gso_segment() returns NULL. \n \nThis patch also includes ipv6_gso_segment(), considering SIT, etc. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"22 Aug 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T06:49:31.000000Z"} 2024-08-22T06:49:31+00:00