Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed soft lockups in fib6selectpath under high next hop changes. Soft lockups were observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the bird service, these routers continuous...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Net: Marvell: Pestera: Fixed handling of IPv4 routes with nhid. Fixed the handling of IPv4 routes that reference a nexthop via its id by replacing calls to fibinfonh with fibinfonhc. When attempting to add an IPv4 route that...

Security update for frr (important)

openSUSE security update: security update for frr ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20898-1 Rating: important References: bsc1261013 bsc1263859 bsc1263863 bsc1263974 Cross-References: CVE-2026-28532 CVE-2026-37457 CVE-2026-37458...

CVE-2026-46260

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6addrt2node. syzbot reported out-of-bound read in fib6addrt2node. 0 When IPv6 route is created with RTANHID, struct fib6info does not have the trailing struct fib6nh. The cited commit started t...

CVE-2026-46260

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6addrt2node. syzbot reported out-of-bound read in fib6addrt2node. 0 When IPv6 route is created with RTANHID, struct fib6info does not have the trailing struct fib6nh. The cited commit started t...

EUVD-2026-34122

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6addrt2node. syzbot reported out-of-bound read in fib6addrt2node. 0 When IPv6 route is created with RTANHID, struct fib6info does not have the trailing struct fib6nh. The cited commit started t...

CVE-2026-46260

The CVE-2026-46260 entry is supported by multiple connected sources detailing a kernel IPv6 out-of-bounds read when creating an IPv6 route with RTA_NH_ID, due to fib6_info not containing trailing fib6_nh and an unsafe read of iter->fib6_nh. The fix adds a check of iter->nh before dereferenc...

PT-2026-46023

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the IPv6 routing component of the Linux kernel. The issue occurs within the fib6 add rt2node function when an IPv6 route is created using RTA NH ID, as th...

CVE-2026-6988

A flaw has been found in Tenda HG10 HG7HG9HG10re300001138enxpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit h...

CVE-2026-6988

A flaw has been found in Tenda HG10 HG7HG9HG10re300001138enxpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit h...

CVE-2026-6988

A flaw has been found in Tenda HG10 HG7HG9HG10re300001138enxpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit h...

CVE-2026-6988 Tenda HG10 Boa Service formRouting formRoute buffer overflow

A flaw has been found in Tenda HG10 HG7HG9HG10re300001138enxpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit h...

EUVD-2026-25664

A flaw has been found in Tenda HG10 HG7HG9HG10re300001138enxpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The exploit h...

PT-2026-35159

A flaw has been found in Tenda HG10 HG7 HG9 HG10re 300001138 en xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The...

CVE-2026-31531

In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtmgetnexthop When querying a nexthop object via RTMGETNEXTHOP, the kernel currently allocates a fixed-size skb using NLMSGGOODSIZE. While sufficient for single nexthops and small...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011394)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011394 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: route: Prevent rtbindexception from rebinding stale fnhe The sit driver's packet transmissi...

GO-2026-4736 GoBGP vulnerable to a denial of service via the NEXT_HOP path attribute in github.com/osrg/gobgp

GoBGP vulnerable to a denial of service via the NEXTHOP path attribute in github.com/osrg/gobgp...

CVE-2026-30405

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXTHOP path attribute...

net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop

...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a classification error when using IPv4 routing to reference an IPv6 next hop. This error can lead to nu...