147 matches found
ALSA-2026:21557 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: j1939: j1939sessionnew: fix skb reference counting CVE-2024-56645 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-68183 kernel: mm: thp: deny...
CVE-2026-43501 ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve maclen headroom when recompressed SRH grows ipv6rplsrhrcv decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses, then pulls the old header and pushes the new on...
CVE-2026-43501
CVE-2026-43501 - Linux kernel IPv6 SRH headroom bug : The issue occurs in ipv6_rpl_srh_rcv() when decompressing and recompressing RFC 6554 Source Routing Headers, where the recompressed IPv6 header can grow beyond the received header. The root cause is an unsafe headroom handling in pskb_expand_h...
PT-2026-42457
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds write issue exists in the Linux kernel when recomputing an IPv6 Source Routing Header SRH. The ipv6 rpl srh rcv function decompresses an RFC 6554 SRH, swaps the next...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: added vlangetprotocolanddepth helper. Previously, skbmaypull was used instead of skbheaderpointer in vlangetprotocol and related functions. Few calls relied on skb-head being populated with the MAC header. syzbot detected on...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the tunnels section, there’s no need to assume that the macheader is set when using skbtunnelcheckpmtu. The recently added debug in commit f9aefd6b2aa3 “net: warn if mac header was not set” identified a bug in...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use the correct macoffset to unwind gso skb in nshgsoSegment. As shown in the call trace, the skbpanic error occurred due to an incorrect skb-macheader in nshgsoSegment. Invalid opcode: 0000 1 PREEMPT SMP KASAN PTI CPU:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: bonding: Do not assume that the skbmacheader is set. Drivers must not assume that skbs have their macheader set. skb-data is all that is needed. bonding seems to be one of the last vulnerabilities detected by syzbot: WARNING:...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fixed bugs that led to out-of-bounds accesses due to the absence of skb-macheader. If an AFPACKET socket is used to send packets through ipvlan, and the default xmit function of the AFPACKET socket is changed from...
CVE-2026-31685
A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...
netfilter: ip6t_eui64: reject invalid MAC header for all packets
...
SUSE CVE-2026-31685
In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects ...
CVE-2026-31685 netfilter: ip6t_eui64: reject invalid MAC header for all packets
In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects ...
Linux Distros Unpatched Vulnerability : CVE-2026-31685
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013030)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013030 advisory. In the Linux kernel, the following vulnerability has been resolved: net: usb: qmiwwan: initialize MAC header offset in qmimuxrxfixup Raw IP packets have no MAC heade...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013047)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013047 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth 6lowpan.c netdev has...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013203)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013203 advisory. In the Linux kernel, the following vulnerability has been resolved: net: add vlangetprotocolanddepth helper Before blamed commit, pskbmaypull was used instead of...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011406)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011406 advisory. In the Linux kernel, the following vulnerability has been resolved: net: usb: qmiwwan: initialize MAC header offset in qmimuxrxfixup Raw IP packets have no MAC heade...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007396)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007396 advisory. In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use correct macoffset to unwind gso skb in nshgsosegment As the call trace shows,...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007441)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007441 advisory. In the Linux kernel, the following vulnerability has been resolved: net: usb: qmiwwan: initialize MAC header offset in qmimuxrxfixup Raw IP packets have no MAC heade...