107 matches found
UBUNTU-CVE-2026-53236
In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...
CVE-2026-53075
In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...
CVE-2026-53075
The CVE-2026-53075 issue affects the Linux kernel PPP subsystem. A local unprivileged user can create a new user namespace (CLONE_NEWUSER), obtain CAP_NET_ADMIN only in that namespace, and still perform unattached PPP administrative IOCTLs (PPPIOCNEWUNIT, PPPIOCATTACH, PPPIOCATTCHAN) against an i...
CVE-2026-53075 ppp: require CAP_NET_ADMIN in target netns for unattached ioctls
In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...
PT-2026-51969
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Point-to-Point Protocol PPP implementation where /dev/ppp open is authorized against file-f cred-user ns, while unattached administrative ioctls operate on...
Astra Linux – Vulnerability in Linux
A issue was discovered in netfilter within the Linux kernel before version 5.10. There may be a use-after-free situation in the packet processing context, as the per-CPU sequence count is mishandled during concurrent iptables rule replacements. This vulnerability could be exploited with the...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
A null pointer dereference vulnerability was discovered in the nftdynsetinit function in net/netfilter/nftdynset.c within nftables in the Linux kernel. This issue may allow a local attacker with the CAPNETADMIN user privilege to trigger a denial of service attack...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A memory leak issue was discovered in the ctnetlinkcreateconntrack function within net/netfilter/nfconntracknetlink.c in the Linux kernel. This issue may allow a local attacker with CAPNETADMIN privileges to trigger a Denial-of-Service DoS attack due to a refcount overflow...
Astra Linux – Vulnerability in Linux, Linux 5.10
A use-after-free flaw was discovered in the Linux kernel’s NFC core functionality due to a race condition between the creation and deletion of kobjects. This vulnerability allows a local attacker with CAPNETADMIN privileges to leak kernel information...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A issue was discovered in the Linux kernel before version 6.1.11. In net/netrom/afnetrom.c, there is a use-after-free condition, as “accept” is also allowed for a successfully connected AFNETROM socket. However, for an attacker to exploit this vulnerability, the system must have netrom routing...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: nl80211: Fixed an integer overflow in nl80211ParseMBSSIDElems. The nl80211ParseMBSSIDElems function uses a u8 variable numElems to count the number of MBSSID elements in the nested netlink attribute attrs. This can lead to ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
Linux Kernel nftables Out-of-Bounds Read/Write Vulnerability; nftbyteorder improperly handles the contents of VM registers when CAPNETADMIN is in any user or network namespace...
UBUNTU-CVE-2026-45840
In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...
CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies
In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsgnewNLMSGDEFAULTSIZE, ... but serialize the full upcall PID array via ovsvportgetupcallportids...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hexadecimal numbers or similar elements. However,...
CVE-2026-31570
CVE-2026-31570 relates to the Linux kernel CAN gateway module. The vulnerability is an OOB heap access in cgw_csum_crc8_rel(), caused by looping and writing using raw s8 indices (from_idx/to_idx/result_idx) instead of the precomputed bounds-safe values (from/to/res). calc_idx() yields bounds-safe...
CVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()
In the Linux kernel, the following vulnerability has been resolved: can: gw: fix OOB heap access in cgwcsumcrc8rel cgwcsumcrc8rel correctly computes bounds-safe indices via calcidx: int from = calcidxcrc8-fromidx, cf-len; int to = calcidxcrc8-toidx, cf-len; int res = calcidxcrc8-resultidx, cf-len...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007261)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007261 advisory. In the Linux kernel, the following vulnerability has been resolved: media: rc: bpf attach/detach requires write permission Note that bpf attach/detach also requires...
kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain()
A flaw was found in the Linux kernel. A local attacker with CAPNETADMIN capabilities, or remote packet traffic, could exploit a use-after-free vulnerability in the nftablesaddchain function's error handling. Successful exploitation could lead to a kernel crash, resulting in a Denial of Service Do...
kernel: Linux kernel: Out-of-bounds write in VXLAN due to incorrect nexthop hash size leading to denial of service
A flaw was found in the Linux kernel's Virtual Extensible LAN VXLAN implementation. An attacker with elevated privileges CAPNETADMIN can exploit this vulnerability by configuring the system to accept and forward VXLAN packets. The issue arises from an incorrect nexthop hash size, where a 32-bit...