Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: bridge: Fixed an issue where the dstclone function was used, but the result was set incorrectly. This issue arises because the entry might have a reference count of 0 or be already deleted, causing various problems...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Bridge: switchdev: Fixed memory leaks when changing the VLAN protocol The bridge driver can offload VLANs to the underlying hardware either via switchdev or via the 8021q driver. When the former is used, the VLAN is marked in the...

UBUNTU-CVE-2026-43451

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: fix entry leak in bridge verdict error path nfqnlrecvverdict calls finddequeueentry to remove the queue entry from the queue data structures, taking ownership of the entry. For PFBRIDGE packets, it then...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: bridge: vlan: fix memory leak in allowedingress When using per-vlan state, if vlan snooping and stats are disabled, untagged or priority-tagged ingress frame will go to check pvid state. If the port state is forwarding and t...

CVE-2026-2925

A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack...

CVE-2026-2925

A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack...

CVE-2026-2925 D-Link DWR-M960 Bridge VLAN Configuration Endpoint formBridgeVlan sub_42B5A0 stack-based overflow

A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack...

CVE-2026-2925

CVE-2026-2925 details (D-Link DWR-M960, firmware 1.01.07) : The vulnerability affects the function sub_42B5A0 in /boafrm/formBridgeVlan (Bridge VLAN Configuration Endpoint). Manipulating the argument submit-url triggers a stack-based buffer overflow. The issue can be exploited remotely, and publi...

CVE-2026-2925 D-Link DWR-M960 Bridge VLAN Configuration Endpoint formBridgeVlan sub_42B5A0 stack-based overflow

A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack...

CVE-2026-2925

A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub42B5A0 of the file /boafrm/formBridgeVlan of the component Bridge VLAN Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack...

D-Link DWR-M960 安全漏洞

The D-Link DWR-M960 is a router produced by D-Link Corporation. The D-Link DWR-M960 version 1.01.07 has a security vulnerability. This vulnerability stems from incorrect handling of parameters submitted in the function sub42B5A0 within the component Bridge VLAN Configuration Endpoint’s...

PT-2026-21414

Name of the Vulnerable Software and Affected Versions D-Link DWR-M960 version 1.01.07 Description A flaw exists in the D-Link DWR-M960 router firmware that allows for remote exploitation. The issue is located within the sub 42B5A0 function of the /boafrm/formBridgeVlan component, specifically in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988716)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988716 advisory. In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst null pointer dereference This patch fixes a tunneldst null point...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986876)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986876 advisory. In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst refcnt when egressing The egress tunnel code uses dstclone and...

DEBIAN-CVE-2025-37865

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported Russell King reports that on the ZII dev rev B, deleting a bridge VLAN from a user port fails with -ENOENT:...

UBUNTU-CVE-2025-37865

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported Russell King reports that on the ZII dev rev B, deleting a bridge VLAN from a user port fails with -ENOENT:...

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2021-47222: net: bridge: fix vlan tunnel dst refcnt when egressing bsc1224857. CVE-2021-47223: net: bridge: fix vlan tunnel dst null pointer dereference bsc1224856...

UBUNTU-CVE-2024-40921

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: pass vlan group directly to brmstvlansetstate Pass the already obtained vlan group pointer to brmstvlansetstate instead of dereferencing it again. Each caller has already correctly dereferenced it for their...

SUSE CVE-2024-36979

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage1 in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path br forward delay...

DEBIAN-CVE-2022-48748

In the Linux kernel, the following vulnerability has been resolved: net: bridge: vlan: fix memory leak in allowedingress When using per-vlan state, if vlan snooping and stats are disabled, untagged or priority-tagged ingress frame will go to check pvid state. If the port state is forwarding and t...