32 matches found
net: mvpp2: refill RX buffers before XDP or skb use
...
CVE-2026-53215
A flaw was found in the Linux kernel's mvpp2 network driver. This vulnerability occurs due to incorrect handling of receive RX buffers, where a buffer is returned to the hardware Buffer Manager BM pool after it has been passed to the eXpress Data Path XDP or attached to a socket buffer skb. This...
CVE-2026-13351
Zephyr's IPv6 network stack can be prevented from receiving or processing future incoming packets by sending a small number of maliciously fragmented IPv6 packets. When such a packet is handled by the fragment-header processing path, the associated RX network packet buffer allocated from a memory...
CVE-2026-53215
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2rxrefill can fail after the...
CVE-2026-53215 net: mvpp2: refill RX buffers before XDP or skb use
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2rxrefill can fail after the...
CVE-2026-53215
CVE-2026-53215 affects the Linux kernel mvpp2 driver: the RX path could return a descriptor buffer to the hardware Buffer Manager after it had been handed to XDP or an skb, allowing DMA into memory no longer owned by the RX ring. Root cause is improper handling of RX buffers in mvpp2_rx_refill() ...
PT-2026-52488
Name of the Vulnerable Software and Affected Versions Zephyr affected versions not specified Description An issue in the IPv6 network stack allows a denial of service by sending a small number of maliciously fragmented IPv6 packets. When the fragment-header processing path handles these packets,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: fec: Use pagepoolputfullpage when freeing RX buffers The pagepoolreleasepage function was used when freeing RX buffers. This function simply unmaps the page if it was mapped and does not recycle the page. As a result, after...
EUVD-2025-209675
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Drop the MHI autoqueue feature for IPCR DL channels MHI stack offers the 'autoqueue' feature, which allows the MHI stack to auto queue the buffers for the RX path DL channel. Though this feature simplifies the client...
CVE-2025-71285
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Drop the MHI autoqueue feature for IPCR DL channels MHI stack offers the 'autoqueue' feature, which allows the MHI stack to auto queue the buffers for the RX path DL channel. Though this feature simplifies the client...
PT-2026-37450
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between client drivers and the MHI stack due to the auto queue feature, which automatically queues buffers for the RX path DL channel. This can cause the dl...
SUSE CVE-2026-31644
In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix use-after-free and leak in lan966xfdmareload When lan966xfdmareload fails to allocate new RX buffers, the restore path restarts DMA using old descriptors whose pages were already freed via lan966xfdmarxfreepages...
CVE-2022-50679 i40e: Fix DMA mappings leak
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix DMA mappings leak During reallocation of RX buffers, new DMA mappings are created for those buffers. steps for reproduction: while : do for i=0; i=8160; i=i+32 do ethtool -G enp130s0f0 rx $i tx $i sleep 0.5 ethtool -g...
CVE-2022-50679
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix DMA mappings leak During reallocation of RX buffers, new DMA mappings are created for those buffers. steps for reproduction: while : do for i=0; i=8160; i=i+32 do ethtool -G enp130s0f0 rx $i tx $i sleep 0.5 ethtool -g...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988669)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988669 advisory. In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbopen/close: fix memory leak The gsusb driver appears to suffer from a malady...
CVE-2025-38490 net: libwx: remove duplicate page_pool_put_full_page()
In the Linux kernel, the following vulnerability has been resolved: net: libwx: remove duplicate pagepoolputfullpage pagepoolputfullpage should only be invoked when freeing Rx buffers or building a skb if the size is too short. At other times, the pages need to be reused. So remove the redundant...
SUSE CVE-2023-52998
In the Linux kernel, the following vulnerability has been resolved: net: fec: Use pagepoolputfullpage when freeing rx buffers The pagepoolreleasepage was used when freeing rx buffers, and this function just unmaps the page if mapped and does not recycle the page. So after hundreds of down/up the...
UBUNTU-CVE-2023-52998
In the Linux kernel, the following vulnerability has been resolved: net: fec: Use pagepoolputfullpage when freeing rx buffers The pagepoolreleasepage was used when freeing rx buffers, and this function just unmaps the page if mapped and does not recycle the page. So after hundreds of down/up the...
CVE-2023-52998 net: fec: Use page_pool_put_full_page when freeing rx buffers
In the Linux kernel, the following vulnerability has been resolved: net: fec: Use pagepoolputfullpage when freeing rx buffers The pagepoolreleasepage was used when freeing rx buffers, and this function just unmaps the page if mapped and does not recycle the page. So after hundreds of down/up the...
CVE-2023-52998 net: fec: Use page_pool_put_full_page when freeing rx buffers
In the Linux kernel, the following vulnerability has been resolved: net: fec: Use pagepoolputfullpage when freeing rx buffers The pagepoolreleasepage was used when freeing rx buffers, and this function just unmaps the page if mapped and does not recycle the page. So after hundreds of down/up the...