CVE-2026-43037

CVE-2026-43037 affects the Linux kernel; vulnerability arises from ip4ip6_err() using a cloned skb where the IPv6 receive path writes cb[] as inet6_skb_parm, which is then misinterpreted as IPv4 inet_skb_parm by __ip_options_echo(), causing a potential data leak/compromise. The fix includes clear...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from targetcorefile not initializing the kiwritestream field of aiocmd-iocb, which could result in a write comman...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006979)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006979 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvti: fix potential slab-use-after-free in decodesession6 When ipvti device is set to the qdisc ...

PT-2026-36454

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the ip4ip6 err function where it calls icmp send using a cloned socket buffer skb containing cb data written as struct inet6 skb parm. The icmp send function passes...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005755 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the struct aiokiocb conversion The first kiocbsetcancelfn argument...

kernel: ip6_vti: fix slab-use-after-free in decode_session6

A use-after-free vulnerability was found in the IPv6 VTI Virtual Tunnel Interface implementation in the Linux kernel. When an IPv6 VTI device uses the SFB Stochastic Fair Blue qdisc, the control block cb field of an skb can be modified during packet enqueuing. The decodesession6 function then rea...

kernel: ip6_vti: fix slab-use-after-free in decode_session6

A use-after-free vulnerability was found in the IPv6 VTI Virtual Tunnel Interface implementation in the Linux kernel. When an IPv6 VTI device uses the SFB Stochastic Fair Blue qdisc, the control block cb field of an skb can be modified during packet enqueuing. The decodesession6 function then rea...

CVE-2026-23059

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow In qla27xxcopyfpinpkt and qla27xxcopymultiplepkt, the framesize reported by firmware is used to calculate the copy length into item-iocb. However, the iocb member is...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992822)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992822 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2capreassemblesdu Fix the race condition between...

SUSE CVE-2025-68734

In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: hfcsusb: fix memory leak in hfcsusbprobe In hfcsusbprobe, the memory allocated for ctrlurb gets leaked when setupinstance fails with an error code. Fix that by freeing the urb before freeing the hw structure. Also...

CVE-2023-54039

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939tptxdatnew: fix out-of-bounds memory access In the j1939tptxdatnew function, an out-of-bounds memory access could occur during the memcpy operation if the size of skb-cb is larger than the size of struct...

CVE-2023-54039

The CVE-2023-54039 issue is in the Linux kernel’s CAN J1939 code, specifically j1939_tp_tx_dat_new(). The vulnerability arises when a memcpy uses skb->cb’s size, allowing an out-of-bounds read if skb->cb is larger than struct j1939_sk_buff_cb. The fix changes memcpy to use the size of struc...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improper modification of tcskbcb by the BPF program, which could lead to data corruption...

CVE-2023-53821

In the Linux kernel, the following vulnerability has been resolved: ip6vti: fix slab-use-after-free in decodesession6 When ipv6vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may occur when ipv6vti device sen...

SUSE CVE-2025-40290

In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number Since commit 30f241fcf52a "xsk: Fix immature cq descriptor production", the descriptor number is stored in skb control block and xskcqsubmitaddrlocked relies on it to put the ume...

EUVD-2025-201616

In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number Since commit 30f241fcf52a "xsk: Fix immature cq descriptor production", the descriptor number is stored in skb control block and xskcqsubmitaddrlocked relies on it to put the ume...

DEBIAN-CVE-2022-50629

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Fix memory leak in rsicoexattach The coexcb needs to be freed when rsicreatekthread failed in rsicoexattach...

UBUNTU-CVE-2025-40290

In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number Since commit 30f241fcf52a "xsk: Fix immature cq descriptor production", the descriptor number is stored in skb control block and xskcqsubmitaddrlocked relies on it to put the ume...

CVE-2025-40290 xsk: avoid data corruption on cq descriptor number

In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number Since commit 30f241fcf52a "xsk: Fix immature cq descriptor production", the descriptor number is stored in skb control block and xskcqsubmitaddrlocked relies on it to put the ume...

CVE-2025-40290

The CVE-2025-40290 entry documents a Linux kernel issue in the XDP/SKC path (xsk) where the descriptor number was stored in the skb control block. This could trigger a kernel NULL pointer dereference during packet reception/transmission, leading to a kernel panic. The root cause is improper use o...