CVE-2025-40278 net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak

In the Linux kernel, the following vulnerability has been resolved: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak Fix a KMSAN kernel-infoleak detected by the syzbot . net? KMSAN: kernel-infoleak in skbdatagramiter In tcfifedump, the variable 'opt' was partially...

PT-2025-49379

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A kernel information leak issue was addressed in the Linux kernel related to the tc ife structure within the networking subsystem. The issue stemmed from partially initialized variables ...

CVE-2025-40255

In the Linux kernel, the following vulnerability has been resolved: net: core: prevent NULL deref in generichwtstampioctllower The ethtool tsconfig Netlink path can trigger a null pointer dereference. A call chain such as: tsconfigpreparedata - devgethwtstampphylib - vlanhwtstampget -...

UBUNTU-CVE-2025-40255

In the Linux kernel, the following vulnerability has been resolved: net: core: prevent NULL deref in generichwtstampioctllower The ethtool tsconfig Netlink path can trigger a null pointer dereference. A call chain such as: tsconfigpreparedata - devgethwtstampphylib - vlanhwtstampget -...

CVE-2025-40255 net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower()

In the Linux kernel, the following vulnerability has been resolved: net: core: prevent NULL deref in generichwtstampioctllower The ethtool tsconfig Netlink path can trigger a null pointer dereference. A call chain such as: tsconfigpreparedata - devgethwtstampphylib - vlanhwtstampget -...

PT-2025-49085

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s networking subsystem related to hardware timestamping. Specifically, a null pointer dereference can occur within the generic hwtstamp ioctl lower...

PT-2026-2517

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the Open vSwitch component related to insufficient validation of attributes in the push nsh action. Specifically, the code does not adequately...

PT-2025-51676

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel’s ksmbd module contains a use-after-free issue within the ipc msg send request function. Specifically, the function waits for a generic netlink reply using an ipc msg...

SUSE CVE-2025-40120

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM autosuspend for AX88772 in bind. usbnet enables runtime PM autosuspend by default, so disabling it via the usbdriver flag is ineffective. O...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2024-36017)

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLAVFVLANLIST attribute validation Each attribute inside a nested IFLAVFVLANLIST is assumed to be a struct iflavfvlaninfo so the size of such attribute needs to be at least of sizeofstruct iflavfvlaninf...

Siemens SIMATIC S7-1500 Improper Handling of Exceptional Conditions (CVE-2024-53140)

In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - optional kicks off the dumping process - dump - actual dump helper, keeps getti...

CVE-2025-40120

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM autosuspend for AX88772 in bind. usbnet enables runtime PM autosuspend by default, so disabling it via the usbdriver flag is ineffective. O...

kernel: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.

In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to devioctl first and later forwarded to brioctlcall, which causes unnecessary RTNL dance and the splat below 0 under RTNL pressure. Let's say Thread A...

kernel: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.

In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to devioctl first and later forwarded to brioctlcall, which causes unnecessary RTNL dance and the splat below 0 under RTNL pressure. Let's say Thread A...

PT-2025-52902

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a use-after-free issue within the nbd genl connect function. This occurs when handling NBD CMD CONNECT and NBD CLEAR SOCK operations, specifically related to th...

netlink: Bounds-check struct nlmsgerr creation

...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990388)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990388 advisory. In the Linux kernel, the following vulnerability has been resolved: afnetlink: Fix shift out of bounds in group mask calculation When a netlink message is received,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990594)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990594 advisory. In the Linux kernel, the following vulnerability has been resolved: ipmr,ip6mr: acquire RTNL before calling ip6mrfreetable on failure path ip6mrfreetable can only be...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989650)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989650 advisory. In the Linux kernel, the following vulnerability has been resolved: netlink: prevent potential spectre v1 gadgets Most netlink attributes are parsed and validated...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989314)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989314 advisory. In the Linux kernel, the following vulnerability has been resolved: net: netlink: afnetlink: Prevent empty skb by adding a check on len. Adding a check on len...