CVE-2026-46330 Revert "net/smc: Introduce TCP ULP support"

In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, the TCP ULP support for SMC is fundamentally broken. The implementation attempts to convert an acti...

CVE-2026-46324

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use listdelrcu for netlink hooks nftnetdevunregisterhooks and nftunregisterflowtablenethooks need to use listdelrcu, this list can be walked by concurrent dumpers. Add a new helper and use it consistently...

CVE-2026-46323

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...

CVE-2026-46322

The CVE pertains to the Linux kernel tun driver (tun_xdp_one) where a page allocated for a frame by vhost_net_build_xdp() is not freed when build_skb() fails, causing a memory leak. Specifically, if build_skb() fails, ret is set to -ENOMEM and the code jumps to the error path without freeing the ...

CVE-2026-46322 tun: free page on build_skb failure in tun_xdp_one()

In the Linux kernel, the following vulnerability has been resolved: tun: free page on buildskb failure in tunxdpone When buildskb fails in tunxdpone, the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that vhostnetbuildxdp allocated for the frame. ...

EUVD-2026-35411

In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tunxdpone tunxdpone returns -EINVAL on a frame shorter than ETHHLEN without freeing the page that vhostnetbuildxdp allocated for it. tunsendmsg discards that -EINVAL and still returns...

CVE-2026-46321

The CVE-2026-46321 entry concerns the Linux kernel tun_xdp_one() path. A frame shorter than ETH_HLEN may return -EINVAL without freeing the page allocated by vhost_net_build_xdp(), causing a leak when vhost_tx_batch() follows the success path. This happens in scenarios where a local process opens...

CVE-2026-46321 tun: free page on short-frame rejection in tun_xdp_one()

In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tunxdpone tunxdpone returns -EINVAL on a frame shorter than ETHHLEN without freeing the page that vhostnetbuildxdp allocated for it. tunsendmsg discards that -EINVAL and still returns...

CVE-2026-46319

In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...

CVE-2026-46320 tap: free page on error paths in tap_get_user_xdp()

In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tapgetuserxdp tapgetuserxdp rejects a frame shorter than ETHHLEN with -EINVAL, and returns -ENOMEM when buildskb fails. Both paths jump to the err label without freeing the page that...

CVE-2026-46319 net/sched: act_ct: Only release RCU read lock after ct_ft

In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...

CVE-2026-46739

A flaw was found in perl-Net-Statsd. This vulnerability allows an attacker to inject additional statsd metrics due to insufficient validation of metric names and values. Specifically, the software does not properly check for newlines, colons, or pipes in metric names, nor does it ensure that valu...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables bsc1261700. CVE-2026-31473: media: mc, v4l2: serialize REINIT and REQBUFS with reqqueuemutex...

CVE-2026-5068 bt: l2cap le coc: remote oob write via seg counter stored in net_buf user_data

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation via chanops.allocbuf and the chosen RX pool has a userdatasize smaller than 2 bytes, the segmentation counter stored in t...

SUSE CVE-2026-46297

In the Linux kernel, the following vulnerability has been resolved: net: libwx: use requestirq for VF misc interrupt Currently, requestthreadedirq is used with a primary handler but a NULL threaded handler, while also setting the IRQFONESHOT flag. This specific combination triggers a WARNING sinc...

PT-2026-47758

In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tun xdp one tun xdp one returns -EINVAL on a frame shorter than ETH HLEN without freeing the page that vhost net build xdp allocated for it. tun sendmsg discards that -EINVAL and still...

UBUNTU-CVE-2026-46297

In the Linux kernel, the following vulnerability has been resolved: net: libwx: use requestirq for VF misc interrupt Currently, requestthreadedirq is used with a primary handler but a NULL threaded handler, while also setting the IRQFONESHOT flag. This specific combination triggers a WARNING sinc...

PT-2026-47971

Improper link resolution before file access 'link following' in .NET allows an unauthorized attacker to perform tampering locally...

PT-2026-48342

Summary Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details Whe...

UBUNTU-CVE-2026-46330

Revert "net/smc: Introduce TCP ULP support"...