net: bridge: use a stable FDB dst snapshot in RCU readers

...

CVE-2026-46086

A flaw was found in the Linux kernel. Inconsistent handling of local Forwarding Database FDB entries in the bridge networking component's RCU Read-Copy-Update readers can lead to a null-pointer dereference. A local attacker could exploit this by triggering a concurrent update to an FDB entry,...

UBUNTU-CVE-2026-46086

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

EUVD-2026-32469

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

CVE-2026-46086

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdbdeletelocal, which updates f-dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

PT-2026-43953

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description A flaw exists in the bridge component of the Linux kernel where local Forwarding Database FDB entries can be rewritten in place by the fdb delete local function. This process updates the...

CVE-2026-46086

net: bridge: use a stable FDB dst snapshot in RCU readers...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from bridge FDB entries not using stable dst snapshots during RCU reading operations. This vulnerabili...

EUVD-2026-27610

In the Linux kernel, the following vulnerability has been resolved: bridge: guard local VLAN-0 FDB helpers against NULL vlan group When CONFIGBRIDGEVLANFILTERING is not set, brvlangroup and nbpvlangroup return NULL brprivate.h stub definitions. The BRBOOLOPTFDBLOCALVLAN0 toggle code is compiled...

CVE-2026-43100

CVE-2026-43100 covers a Linux kernel bridge issue where, if CONFIG_BRIDGE_VLAN_FILTERING is not set, br_vlan_group() and nbp_vlan_group() may return NULL and the code path in br_fdb_delete_locals_per_vlan_port() / br_fdb_insert_locals_per_vlan_port() dereferences a NULL vlan group pointer. Connec...

PT-2026-37410

In the Linux kernel, the following vulnerability has been resolved: bridge: guard local VLAN-0 FDB helpers against NULL vlan group When CONFIG BRIDGE VLAN FILTERING is not set, br vlan group and nbp vlan group return NULL br private.h stub definitions. The BR BOOLOPT FDB LOCAL VLAN 0 toggle code ...

SUSE CVE-2026-31531

In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtmgetnexthop When querying a nexthop object via RTMGETNEXTHOP, the kernel currently allocates a fixed-size skb using NLMSGGOODSIZE. While sufficient for single nexthops and small...

EUVD-2026-25218

In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtmgetnexthop When querying a nexthop object via RTMGETNEXTHOP, the kernel currently allocates a fixed-size skb using NLMSGGOODSIZE. While sufficient for single nexthops and small...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38037)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38037 advisory. - In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37921)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37921 advisory. - In the Linux kernel, the following vulnerability has been resolved: vxlan: vnifilter: Fix unlocked deletion ...

Astra Linux - Vulnerability in linux-6.1, linux-6.12

In the Linux kernel, the following vulnerability has been resolved: nexthop: Prohibit FDB status changes while nexthop is in a group The kernel prohibits the creation of non-FDB nexthop groups with FDB nexthops: ip nexthop add id 1 via 192.0.2.1 fdb ip nexthop add id 2 group 1 Error: A non-FDB...

EUVD-2023-60133

In the Linux kernel, the following vulnerability has been resolved: netlink: do not hard code device address lenth in fdb dumps syzbot reports that some netdev devices do not have a six bytes address 1 Replace ETHALEN by dev-addrlen. 1 Case of a device where dev-addrlen = 4 BUG: KMSAN:...

SUSE CVE-2025-40297

In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix use-after-free due to MST port state bypass syzbot reported1 a use-after-free when deleting an expired fdb. It is due to a race condition between learning still happening and a port being deleted, after all its...

EUVD-2025-201647

In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix use-after-free due to MST port state bypass syzbot reported1 a use-after-free when deleting an expired fdb. It is due to a race condition between learning still happening and a port being deleted, after all its...

DEBIAN-CVE-2025-40297

In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix use-after-free due to MST port state bypass syzbot reported1 a use-after-free when deleting an expired fdb. It is due to a race condition between learning still happening and a port being deleted, after all its...