1381 matches found
EUVD-2026-42870
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared-frag marker in iptfsconsumefrags iptfsconsumefrags transfers paged fragments from one socket buffer to another but fails to propagate the SKBFLSHAREDFRAG flag. This is the same class of bug that was...
kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service
A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...
kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service
A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...
kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service
A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...
SUSE CVE-2026-53074
In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpfprogtestrunskb bpfprogtestrunskb calls ethtypetrans first and then uses skb-protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access...
SUSE CVE-2026-53091
In the Linux kernel, the following vulnerability has been resolved: net: pull headers in qdiscpktlensegsinit Most ndostartxmit methods expects headers of gso packets to be already in skb-head. net/core/tso.c users are particularly at risk, because tsobuildhdr does a memcpyhdr, skb-data, hdrlen;...
kernel: net/sched: act_pedit: extend the writable skb range per key
A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...
The vulnerability of the skbuff network component in Linux operating system kernels allows attackers to increase their privileges.
The vulnerability of the skbuff network component in Linux operating systems is related to insufficient resource control during its existence. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the skb_segment_list() function in the net/core/skbuff.c module of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the skbsegmentlist function in the net/core/skbuff.c module of the Linux kernel is related to resource exhaustion. Exploiting this vulnerability can allow an attacker to cause a service failure...
net: mvpp2: refill RX buffers before XDP or skb use
...
netdevsim: zero initialize struct iphdr in dummy sk_buff
...
bpf: Use RCU-safe iteration in dev_map_redirect_multi() SKB path
...
net: tls: fix strparser anchor skb leak on offload RX setup failure
...
udp: clear skb->dev before running a sockmap verdict
...
net: skbuff: fix missing zerocopy reference in pskb_carve helpers
...
Bluetooth: RFCOMM: validate skb length in MCC handlers
...
net: openvswitch: fix possible kfree_skb of ERR_PTR
...
neigh: let neigh_xmit take skb ownership
...
netfilter: nf_queue: hold bridge skb->dev while queued
...
CVE-2026-52997
A flaw was found in the Linux kernel's schdualpi2 qdisc queueing discipline component. When dualpi2change attempts to enforce updated limit and memory limit values, it may incorrectly try to dequeue packets from an empty C-queue while packets are present in the L-queue. This can lead to a NULL sk...