CVE-2026-23437

A flaw was found in the Linux kernel's net: shaper module. This vulnerability arises from a missing liveness check during Netlink operations when a network device netdev is referenced and subsequently accessed. If the netdev is unregistered before the access, it can lead to a use-after-free...

CVE-2026-23437

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

CVE-2026-23436

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

UBUNTU-CVE-2026-23437

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

UBUNTU-CVE-2026-23436

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

CVE-2026-23436 net: shaper: protect from late creation of hierarchy

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

CVE-2026-23436

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

CVE-2026-23436

The CVE-2026-23436 issue affects the Linux kernel's net: shaper component. A race could occur when a netdev is unregistered between taking a reference during Netlink prep and locking/RCU in the callback, potentially leaking the hierarchy after a flush. The fix applies the instance lock in pre- st...

PT-2026-30132

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a flaw where late read accesses to the network device hierarchy were not properly protected. A missing liveness check during the conversion from a reference to...

PT-2026-30131

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

ROS-20260403-73-0013

A vulnerability in the netlink component of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...

UBUNTU-CVE-2026-23412

In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: defer hook memory release until rcu readers are done Yiming Qian reports UaF when concurrent process is dumping hooks via nfnetlinkhooks: BUG: KASAN: slab-use-after-free in nfnlhookdumpone.isra.0+0xe71/0x10f0 Read...

PT-2026-36452

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An information leak occurs in the Linux kernel when building netlink messages. The tc chain fill node function fails to initialize the tcm info field of the struct tcmsg structure. Becau...

nfnetlink_osf: validate individual option lengths in fingerprints

...

EUVD-2026-15351

In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy ledtriggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDSTRIGGERNETDEV and LEDTRIGGERPHY are enabled: 1362.049207 ledtriggerregister+0x5c/0x1fc...

CVE-2026-23368

In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy ledtriggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDSTRIGGERNETDEV and LEDTRIGGERPHY are enabled: 1362.049207 ledtriggerregister+0x5c/0x1fc...

PT-2026-27686

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always mark signal+subflow endp as used Syzkaller managed to find a combination of actions that was generating this warning: msk-pm.local addr used == 0 WARNING: net/mptcp/pm kernel.c:1071 at mark subflow en...

[SECURITY] [DLA 4504-1] libvirt security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4504-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 20, 2026 https://wiki.debian.org/LTS -...

mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()

...

NewStart CGSL MAIN 6.06 (SP) : libnl3 Vulnerability (NS-SA-2026-0018)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has libnl3 packages installed that are affected by a vulnerability: - An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged...