EUVD-2026-26610

In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb When allocskb fails in x25queuerxframe it calls kfreeskbskb at line 48 and returns 1 error. This error propagates back through the call chain: x25queuerxframe returns 1 | v x25state3machi...

PT-2026-36448

In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packet spans multiple buffer descriptors scatter-gather, axienet free tx chain sums the per-BD actual length from descriptor status into a caller-provided...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unbound UART receive buffer in the NFC pn533 driver, resulting in malicious malformed UART traffic that c...

PT-2026-36428

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the net/x25 component. When alloc skb fails within the x25 queue rx frame function, the system calls kfree skbskb and returns an error. This error propagate...

net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()

...

bridge: br_nd_send: linearize skb before parsing ND options

...

net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()

...

nfc: pn533: allocate rx skb before consuming bytes

...

CVE-2026-31683

In the Linux kernel, the following vulnerability has been resolved: batman-adv: avoid OGM aggregation when skb tailroom is insufficient When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packetlen bytes, while a later packet can still ...

CVE-2026-31684

In the Linux kernel, the following vulnerability has been resolved: net: sched: actcsum: validate nested VLAN headers tcfcsumact walks nested VLAN headers directly from skb-data when an skb still carries in-payload VLAN tags. The current code reads vlan-hvlanencapsulatedproto and then pulls...

CVE-2026-31675

In the Linux kernel, the following vulnerability has been resolved: net/sched: schnetem: fix out-of-bounds access in packet corruption In netemenqueue, the packet corruption logic uses getrandomu32belowskbheadlenskb to select an index for modifying skb-data. When an AFPACKET TXRING sends fully...

CVE-2026-31684 net: sched: act_csum: validate nested VLAN headers

In the Linux kernel, the following vulnerability has been resolved: net: sched: actcsum: validate nested VLAN headers tcfcsumact walks nested VLAN headers directly from skb-data when an skb still carries in-payload VLAN tags. The current code reads vlan-hvlanencapsulatedproto and then pulls...

CVE-2026-31682

In the Linux kernel, the following vulnerability has been resolved: bridge: brndsend: linearize skb before parsing ND options brndsend parses neighbour discovery options from ns-opt and assumes that these options are in the linear part of request. Its callers only guarantee that the ICMPv6 header...

EUVD-2026-25642

In the Linux kernel, the following vulnerability has been resolved: net/sched: schnetem: fix out-of-bounds access in packet corruption In netemenqueue, the packet corruption logic uses getrandomu32belowskbheadlenskb to select an index for modifying skb-data. When an AFPACKET TXRING sends fully...

SUSE CVE-2026-31616

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fphonet: fix skb frags overflow in pnrxcomplete A broken/bored/mean USB host can overflow the skbsharedinfo-frags array on a Linux gadget exposing a Phonet function by sending an unbounded sequence of full-page OUT...

SUSE CVE-2026-31658

In the Linux kernel, the following vulnerability has been resolved: net: altera-tse: fix skb leak on DMA mapping error in tsestartxmit When dmamapsingle fails in tsestartxmit, the function returns NETDEVTXOK without freeing the skb. Since NETDEVTXOK tells the stack the packet was consumed, the sk...

Linux Distros Unpatched Vulnerability : CVE-2026-31563

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: macb: Use devconsumeskbany to free TX SKBs The napiconsumeskb function is not intended to be called in an IRQ disabled context. However, after commit...

PT-2026-35142

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the br nd send function where neighbour discovery options are parsed from ns-opt under the assumption that these options reside in the linear part of the request...

PT-2026-35135

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds memory access exists in the netem enqueue function within the sch netem scheduler. The issue occurs during packet corruption when get random u32 belowskb headlenskb is...

CVE-2026-31658

A flaw was found in the Linux kernel's net: altera-tse network driver. When a Direct Memory Access DMA mapping error occurs in the tsestartxmit function, the system fails to free the allocated socket buffer skb. This oversight causes a memory leak with each DMA mapping failure, potentially leadin...