CVE-2026-23331 udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected.

In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. Let's say we bind an UDP socket to the wildcard address with a non-zero port, connect it to an address, and disconnect it from the address. bind sets...

CVE-2026-23331

In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. Let's say we bind an UDP socket to the wildcard address with a non-zero port, connect it to an address, and disconnect it from the address. bind sets...

CVE-2026-23302 net: annotate data-races around sk->sk_{data_ready,write_space}

In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk-skdataready,writespace skmsg and probably other layers are changing these pointers while other cpus might read them concurrently. Add corresponding READONCE/WRITEONCE annotations for UDP, TCP an...

CVE-2026-23302

Summary (CVE-2026-23302): The Linux kernel patch resolves a data-race in data-path pointers sk->sk_data_ready and sk->sk_write_space, where skmsg and possibly other layers could modify these pointers while others may read them concurrently. The fix adds corresponding READ_ONCE()/WRITE_ONCE(...

CVE-2026-23302 net: annotate data-races around sk->sk_{data_ready,write_space}

In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk-skdataready,writespace skmsg and probably other layers are changing these pointers while other cpus might read them concurrently. Add corresponding READONCE/WRITEONCE annotations for UDP, TCP an...

Linux Distros Unpatched Vulnerability : CVE-2026-23302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: annotate data-races around sk-skdataready,writespace skmsg and probably other layers are changing these pointers while other cpus might read them...

CVE-2026-30872 OpenWrt Project has a Stack-based Buffer Overflow vulnerability via IPv6 reverse DNS lookup

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the matchipv6addresses function, triggered when processing PTR queries for IPv6 reverse DNS domains .ip6.arpa receiv...

SUSE CVE-2026-23254

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...

EUVD-2026-12884

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...

DEBIAN-CVE-2026-23254

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...

CVE-2026-23254

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...

UBUNTU-CVE-2026-23254

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...

CVE-2026-23254 net: gro: fix outer network offset

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...

CVE-2026-23254 net: gro: fix outer network offset

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...

CVE-2026-23254

CVE-2026-23254 (Linux kernel): The issue affects UDP GRO in the net/ gro path, where the complete stage incorrectly uses the inner network offset when the encapsulation flag is not reliably zeroed by hardware offloads. The root cause is an assumption that all RX-inserted packets have encapsulatio...

Linux Distros Unpatched Vulnerability : CVE-2026-23254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption i...

CVE-2026-28522

arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulti...

CVE-2026-28522

CVE-2026-28522 affects the arduino-TuyaOpen library prior to 1.2.1, where a null pointer dereference in the WiFiUDP component can be triggered by a high volume of UDP packets sent by an attacker on the same local network, causing memory exhaustion and a denial-of-service condition. The descriptio...

OESA-2026-1566 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: udp: Deal with race between UDP socket address change and rehash If a UDP socket changes its local address while it's receiving datagrams, as a result of connect...

CVE-2026-26478

A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account...