Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ipv4: route: Prevent rtbindexception from rebinding stale fnhe The packet transmission path of the sit driver calls sittunnelxmit - updateorcreatefnhe. This leads to fnheremoveoldest being called to delete entries that exceed...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011394)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011394 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: route: Prevent rtbindexception from rebinding stale fnhe The sit driver's packet transmissi...

SUSE-SU-2026:1099-1 Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.19 fixes various security issues The following security issues were fixed: - CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. - CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed...

Security update for the Linux Kernel (Live Patch 67 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.255 fixes various security issues The following security issues were fixed: CVE-2022-50423: ACPICA: Fix use-after-free in acpiutcopyipackagetoipackage bsc1250785. CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant...

SUSE-SU-2026:20842-1 Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues The following security issues were fixed: - CVE-2025-40214: afunix: Initialise sccindex in unixaddedge bsc1255052. - CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. -...

SUSE CVE-2026-23300

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...

EUVD-2026-15235

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...

CVE-2026-23300

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...

CVE-2026-23300

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...

Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 15 SP7 RT)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.8 fixes various security issues The following security issues were fixed: CVE-2025-38488: smb: client: fix use-after-free in cryptmessage when using async crypto bsc1247240. CVE-2025-40258: mptcp: fix race condition in...

SUSE-SU-2026:20615-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 and SL MIxro 6.2 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-40147: blk-throttle: fix access race during throttle policy activation bsc1253344. - CVE-2025-40257: mptcp: fix a race in mptcppmdeladdtimer...

SUSE-SU-2026:0471-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-40257: mptcp: fix a race in mptcppmdeladdtimer bsc1254842. - CVE-2025-40259: scsi: sg: Do not sleep in atomic context bsc1254845. - CVE-2025-68284: libceph:...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2026-50100)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50100 advisory. - crypto: afalg - Fix incorrect boolean values in afalgctx Eric Biggers Orabug: 38879907 CVE-2025-40022 - crypto: afalg - Disallow concurrent writ...

EUVD-2026-4614

In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6uncachedlistdel and rtdeluncachedlist syzbot was able to crash the kernel in rt6uncachedlistflushdev in an interesting way 1 Crash happens in listdelinit/INITLISTHEAD while writing list-prev, while the prior...

ROS-20260121-73-0003

A vulnerability in the iprtupdatepmtu function of the ipv4/route.c component of the Linux operating system kernel is related to improper resource locking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVE-2025-68813

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL pointer dereference in fibcomputespecdst when ipv4linkfailure attempts t...

CVE-2025-68241

In the Linux kernel, the following vulnerability has been resolved: ipv4: route: Prevent rtbindexception from rebinding stale fnhe The sit driver's packet transmission path calls: sittunnelxmit - updateorcreatefnhe, which lead to fnheremoveoldest being called to delete entries exceeding...

CVE-2022-48999

An out-of-bounds memory access vulnerability was found in the Linux kernel. When fibinfo contains an nh reference, the handle attempts to delete the multipath route. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product...

DEBIAN-CVE-2024-36008

In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in iprouteusehint syzbot was able to trigger a NULL deref in fibvalidatesource in an old tree 1. It appears the bug exists in latest trees. All calls to indevgetrcu must be checked for a NULL result. 1...

AZL-42159 CVE-2024-36008 affecting package hyperv-daemons for versions less than 5.15.158.1-1

In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in iprouteusehint syzbot was able to trigger a NULL deref in fibvalidatesource in an old tree 1. It appears the bug exists in latest trees. All calls to indevgetrcu must be checked for a NULL result. 1...