691 matches found
CVE-2026-31647
In the Linux kernel, the following vulnerability has been resolved: idpf: fix PREEMPTRT raw/bh spinlock nesting for async VC handling Switch from using the completion's raw spinlock to a local lock in the idpfvcxn struct. The conversion is safe because complete/all are called outside the lock and...
CVE-2026-31644
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix use-after-free and leak in lan966xfdmareload When lan966xfdmareload fails to allocate new RX buffers, the restore path restarts DMA using old descriptors whose pages were already freed via lan966xfdmarxfreepages...
CVE-2026-31565
Summary: CVE-2026-31565 affects the Linux kernel RDMA/irdma component, where a netdev reset with active RDMA applications can deadlock during device/client removal (cma/uverbs paths). The root cause is a circular dependency between iWARP-related clients and references held during device reset, le...
PT-2026-34917
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock occurs in the RDMA/irdma component when a netdev reset is executed while RDMA applications are active. The netdev reset leads the ice driver to remove the irdma auxiliary...
CVE-2026-31502
A flaw was found in the Linux kernel's team network device. This vulnerability involves a type confusion in header operations when handling non-Ethernet ports. An attacker could potentially exploit this by causing the team device to misinterpret network device private data, leading to a system...
CVE-2026-31504
In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packetrelease via NETDEVUP race packetrelease has a race window where NETDEVUP can re-register a socket into a fanout group's arr array. The re-registration is not cleaned up by fanoutrelease, leaving a...
CVE-2026-31504
The CVE-2026-31504 entry describes a race in the Linux kernel’s networking stack: during a NETDEV_UP event, a socket re-registration into a fanout group’s arr[] can leave a dangling pointer if packet_release() doesn’t clear po->num while bind_lock is held. This Use-After-Free risk stems from a...
kernel: smc: Fix use-after-free in __pnet_find_base_ndev()
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in pnetfindbasendev. syzbot reported use-after-free of netdevice in pnetfindbasendev, which was called during connect. 0 smcpnetfindismresource fetches skdstgetsk-dev and passes down to pnetfindbasendev,...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a NETDEVUP condition that allows for the reuse of freed fanout resources after release. This can...
CVE-2026-40023
A flaw was found in Apache Log4cxx. An attacker who can influence logged data can exploit this by injecting characters forbidden by the XML 1.0 specification a standard for encoding documents into log messages, Network Device Configuration NDC, and Mapped Diagnostic Context MDC property keys and...
OESA-2026-1848 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and...
CVE-2025-50649
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlanname parameter in the /shutset.asp endpoint...
kernel: macvlan: fix error recovery in macvlan_common_newlink()
A use-after-free vulnerability was found in the macvlan driver. When creating a macvlan interface in source mode fails after the source MAC has been added to the hash table e.g., due to an invalid interface name, the hash entry still references the freed netdevice structure. Subsequent packets...
kernel: macvlan: fix error recovery in macvlan_common_newlink()
A use-after-free vulnerability was found in the macvlan driver. When creating a macvlan interface in source mode fails after the source MAC has been added to the hash table e.g., due to an invalid interface name, the hash entry still references the freed netdevice structure. Subsequent packets...
EUVD-2026-18677
In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...
EUVD-2026-18694
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdcncm: add ndpoffset to NDP32 nframes bounds check The same bounds-check bug fixed for NDP16 in the previous patch also exists in cdcncmrxverifyndp32. The DPE array size is validated against the total skb length withou...
CVE-2026-23436
In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...
CVE-2026-23437
In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...
CVE-2026-23442
In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths in6devget can return NULL when the device has no IPv6 configuration e.g. MTU IPV6MINMTU or after NETDEVUNREGISTER. Add NULL checks for idev returned by in6devget in both...
CVE-2026-23459
In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...