Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the possibility of setting the skb pointer to null when rxrpc fails to unshare a skb, potentially leadi...

PT-2026-43865

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the rxrpc component. If the skb unshare function fails to unshare a packet due to an allocation failure within rxrpc input packet, the skb pointer in...

PT-2026-43970

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the stream parser when it is aborted, such as after a message assembly timeout. The strp abort strp function fails to release the reference to a partially assembl...

Important: kernel-livepatch-6.18.20-20.229

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-6.18.20-20.229 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-5.10.252-250.1005

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-5.10.252-250.1005 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: kernel-livepatch-5.10.251-248.983

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-5.10.251-248.983 Issue Correction: Please ensure you have live patching enabled. Run yum update...

SUSE CVE-2025-39703

In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...

EUVD-2026-31535

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skbtrycoalesce can attach paged frags from @from to @to. If @from has SKBFLSHAREDFRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backe...

CVE-2026-46300

The CVE-2026-46300 issue affects the Linux kernel's net: skbuff code: skb_try_coalesce() can transfer paged frags from one skb to another while losing the SKBFL_SHARED_FRAG marker, breaking the invariant relied on by ESP decryption logic. This can allow an in-place decrypt path to operate on page...

EUVD-2026-31536

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers pskbcopyfclone and skbshift fail to propagate the SKBFLSHAREDFRAG bit in skbshinfo-flags when moving frags from source to...

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tls: Make sure to abort the stream if the headers are invalid. Normally, we wait for the socket to buffer up the entire record before processing it. However, if the socket has a very small buffer, we read out the data sooner to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btusb: Fixed memory leak This checks whether CONFIGDEVCOREDUMP is enabled before attempting to clone the skb, and also ensures that btmtkprocesscoredump frees the skb following the same logic...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: The crash occurred when performing a pressure test on mptcp. The following error occurred: dstrelease: dst: ffffa06ce6e5c058 refcnt: -1 The kernel attempted to execute a NX-protected page – an attempt to exploit a...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Wifi: brwifi: Fix for NULL pointer dereferencing in brwifitxfinalize. When the device is removed or the kernel module is unloaded, there is a potential scenario of NULL pointer dereferencing. The following sequence occurs when...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: skbuff: Account for tail adjustment during pull operations Extending the tail of a packet may have some unexpected side effects if a program uses a helper function like BPFFUNCskbpulldata to read partial content beyond the headle...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ath11k: Fixed the issue where the skb was not dropped when an htctxcompletion error occurred. When an htctxcompletion error occurs, the skb is not discarded. This is incorrect because the completionhandler logic expects the sk...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net:mctp: taking ownership of skb in mctplocaloutput Currently, mctplocaloutput only takes ownership of the skb when it succeeds. In some cases where mctplocaloutput fails, we might leak the skb. Ownership of the skb is not...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9khtc: Use skbsetlength to reset urb before resubmitting it. Syzbot points out that skbtrim has a sanity check on the existing length of the skb; this length might not be initialized in some error-prone situations. The...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeuerx We cannot dereference “skb” after calling vcc-push, because the skb is released...