Vulnerability Description: In the XFRM interface, the collect_md attribute can only be set during device creation. Therefore, if change_link() is called on an interface of type collect_md, it should directly return a failure. However, the check that was originally intended to enforce this restriction is only performed when locate() returns xi, but locate() itself does … Read more
Disclaimer: Please do not use the techniques mentioned in this article for illegal testing. Any direct or indirect consequences and losses caused by the dissemination or use of the information or tools provided in this article are the sole responsibility of the user. The author of this article is not responsible for any adverse consequences. … Read more
Shake Network Technology NewsClick the right to follow for the latest technology news!Part01 Vulnerability Overview A high-risk vulnerability has been discovered in the ipset subsystem of the Linux kernel netfilter, allowing local attackers to escalate privileges to root level. This vulnerability exists in the bitmap:ip implementation of the ipset framework, stemming from insufficient range validation … Read more
Multiple vulnerabilities have been discovered in HTTP/2 that are susceptible to a new attack technique called MadeYouReset, which can be exploited to launch powerful denial-of-service (DoS) attacks. Researchers Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Harel stated: “MadeYouReset bypasses the limits typically imposed by servers, which allow a maximum of 100 concurrent HTTP/2 requests per … Read more
Shake Network Technology NewsClick the right to follow for the latest technology news!Part01 Vulnerability Overview Security researchers have discovered a new denial-of-service (DoS) vulnerability in the implementation of the HTTP/2 protocol, named “MadeYouReset” (CVE-2025-8671). This vulnerability was publicly disclosed on August 13, 2025, marking a significant escalation in threats related to network protocols. Attackers can … Read more
In the dead of night, you might be sleeping soundly, unaware that countless servers around the world are experiencing a storm of “forced reboots”. This is not an exaggeration. Frontline security teams are closely monitoring a new type of cyber attack called “MadeYouReset”. It acts like a top assassin, exploiting a fatal flaw in the … Read more
CVE-2021-42008 is a Slab-Out-Of-Bounds Write vulnerability in the Linux 6pack driver, caused by a lack of size validation checks in the decode_data function. Malicious input from a process with CAP_NET_ADMIN capabilities may lead to an overflow of the Cooked_buf field in the Sixpack structure, resulting in kernel memory corruption. If exploited correctly, this could lead … Read more
Part01 Vulnerability Overview A critical vulnerability has been discovered in the ipset subsystem of the Linux kernel’s netfilter, allowing local attackers to escalate their privileges to root level. This vulnerability exists in the bitmap:ip implementation of the ipset framework, stemming from insufficient range validation when processing CIDR format IP address ranges. Due to the lack … Read more
Vulnerability Overview Recently, security researchers Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Harel discovered a new vulnerability in the HTTP/2 protocol, named ‘MadeYouReset’ (CVE-2025-8671). This vulnerability allows attackers to bypass the server’s limit on the number of concurrent requests within a single TCP connection (typically 100), enabling large-scale denial of service (DoS) attacks. Technical Details … Read more
Click the blue text above to follow us Multiple implementations of the HTTP/2 protocol have been found to contain a new attack technique vulnerability called “MadeYouReset,” which could be used to carry out powerful denial-of-service (DoS) attacks. Researchers Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Har’el stated: “MadeYouReset can bypass the limit of 100 concurrent … Read more
