1244 matches found
EUVD-2026-27807
In the Linux kernel, the following vulnerability has been resolved: kcm: fix zero-frag skb in fraglist on partial sendmsg error Syzkaller reported a warning in kcmwritemsgs when processing a message with a zero-fragment skb in the fraglist. When kcmsendmsg fills MAXSKBFRAGS fragments in the curre...
EUVD-2026-27612
In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in ioam6filltracedata We need to check in6devget for possible NULL value, as suggested by Yiming Qian. Also add skbdstdevrcu instead of skbdstdev, and two missing READONCE. Note that @d...
CVE-2026-43254
CVE-2026-43254: Linux kernel openvpn TCP stream handling corrected. Ovpn_tcp_recv now allocates a separate skb per packet and uses skb_copy_bits to copy only the packet payload, skipping the 2-byte length prefix; length checks guard allocation to prevent invalid skbs. This resolves header offset ...
CVE-2026-43244 kcm: fix zero-frag skb in frag_list on partial sendmsg error
In the Linux kernel, the following vulnerability has been resolved: kcm: fix zero-frag skb in fraglist on partial sendmsg error Syzkaller reported a warning in kcmwritemsgs when processing a message with a zero-fragment skb in the fraglist. When kcmsendmsg fills MAXSKBFRAGS fragments in the curre...
CVE-2026-43238 net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash()
In the Linux kernel, the following vulnerability has been resolved: net/sched: actskbedit: fix divide-by-zero in tcfskbedithash Commit 38a6f0865796 "net: sched: support hash selecting tx queue" added SKBEDITFTXQSKBHASH support. The inclusive range size is computed as: mappingmod = queuemappingmax...
CVE-2026-43164 udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb().
In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in udpenqueuescheduleskb. syzbot reported null-ptr-deref of udpsksk-udpprodqueue. 0 Since the cited commit, udplibinitsock can fail, as can udpinitsock and udpv6initsock. Let's handle the error in...
CVE-2026-43098 nfc: s3fwrn5: allocate rx skb before consuming bytes
In the Linux kernel, the following vulnerability has been resolved: nfc: s3fwrn5: allocate rx skb before consuming bytes s3fwrn82uartread reports the number of accepted bytes to the serdev core. The current code consumes bytes into recvskb and may already deliver a complete frame before allocatin...
SUSE CVE-2026-43011
In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb When allocskb fails in x25queuerxframe it calls kfreeskbskb at line 48 and returns 1 error. This error propagates back through the call chain: x25queuerxframe returns 1 | v x25state3machi...
PT-2026-37594
In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream When processing TCP stream data in ovpn tcp recv, we receive large cloned skbs from strp rcv that may contain multiple coalesced packets. The current implementation has two bugs: 1...
PT-2026-37411
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential NULL pointer dereference exists in the Linux kernel within the IPv6 IOAM In-situ Operations, Administration, and Maintenance component. The issue occurs in the ioam6 fill tra...
SUSE-SU-2026:21491-1 Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues The following security issues were fixed: - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI bsc1252048. - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting ...
kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service
A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fixed a potential use-after-free in hix5hd2rx. The skb is passed to npapigroreceive, which may free it. After calling this function, dereferencing the skb may trigger a use-after-free...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix the issue of failing to release the skbuff in seg6inputcore. The seg6input function is responsible for adding the SRH into a packet, delegating this operation to seg6inputcore. This function uses skbcowhead to ensur...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix for NPE during rxcomplete There is a missing validation of usbnetgoingaway in the critical path. The usbsubmiturb function lacks this validation, while usbnetqueueskb includes this check. This inconsistency creates a...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: bpf, cpumap: Handle skb as well when cleaning up ptrring. The following warning was reported when running xdpredirectcpu with both skbmode and stressmode enabled: ------------ Cut here ------------ Incorrect XDP memory type...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: Staging: gdm724x: fixed the use of a variable after it is freed in gdmlterx. The netifrxni function frees the skb, so we cannot dereference it to save the skb-len...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed a segmentation issue when upgrading gsosize. The skb was linearized during the upgrade of gsosize, as this might trigger a BUGON function later on, as described in 1,2...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are received using GRO with a fraglist, they may be segmented later on and continue their journey within the stack. In skbSegmentlist, these segments can be reused as they are. This is a...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fixed the issue where no check was performed on the length of skb in hciacldatapacket. This fix ensures that it actually checks whether skb truly contains an ACL header; otherwise, the code may attempt to acce...