EUVD-2026-24902

In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp and async crypto When the TX queue for espintcp is full, espoutputtailtcp will return an error and not free the skb, because with synchronous crypto, the common xfrm output code will drop the packe...

CVE-2026-31518 esp: fix skb leak with espintcp and async crypto

In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp and async crypto When the TX queue for espintcp is full, espoutputtailtcp will return an error and not free the skb, because with synchronous crypto, the common xfrm output code will drop the packe...

CVE-2026-31517

The CVE-2026-31517 vulnerability affects the Linux kernel’s IP-TFS (xfrm_iptfs) reassembly path. During datagram reassembly, an optimization can make newskb non-linear; if a subsequent fragment is appended via skb_put(), the code may trigger a SKB_LINEAR_ASSERT and crash (OOPS). The documented fi...

kernel: net/sched: cls_u32: use skb_header_pointer_careful()

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of skb references when network namespace destruction occurs. This issue may lea...

PT-2026-34422

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skb put panic on non-linear skb during reassembly In iptfs reassem cont, IP-TFS attempts to append data to the new inner packet 'newskb' that is being reassembled. First a zero-copy approach is tried if it succee...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the leakage of SKBs during asynchronous encryption with espintcp, potentially leading to memory...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011219)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011219 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced ...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011028)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011028 advisory. In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context TX/RX callback handlers ntbnetdevtxhandler,...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013129)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013129 advisory. In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: Add a check for oversized packets Occasionnaly we may get oversized packets from t...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006986)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006986 advisory. In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013379)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013379 advisory. In the Linux kernel, the following vulnerability has been resolved: kcm: Fix memory leak in error path of kcmsendmsg syzbot reported a memory leak like below: BUG:...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011255)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011255 advisory. In the Linux kernel, the following vulnerability has been resolved: skbuff: Fix a race between coalescing and releasing SKBs Commit 1effe8ca4e34 skbuff: fix coalesci...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011386)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011386 advisory. In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use iplocalout and other functions can pass...

CVE-2026-31429

In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKBSMALLHEADCACHESIZE is intentionally set to a non-power-of-2 value e.g. 704 on x8664 to avoid collisions with generic kmalloc bucket sizes. This ensures that...

mt6893-security-research

MT6893 Security Research Five security research findings from...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007396)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007396 advisory. In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use correct macoffset to unwind gso skb in nshgsosegment As the call trace shows,...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006673)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006673 advisory. In the Linux kernel, the following vulnerability has been resolved: e100: Fix possible use after free in e100xmitprepare In e100xmitprepare, if we can't map the skb,...

SUSE CVE-2026-23444

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211txprepareskb failure ieee80211txprepareskb has three error paths, but only two of them free the skb. The first error path ieee80211txprepare returning TXDROP does not free it, while...

CVE-2026-23444

A flaw was found in the Linux kernel's mac80211 Wi-Fi subsystem. This vulnerability occurs because a specific error path within the ieee80211txprepareskb function fails to properly release a network buffer, known as a socket buffer skb. This inconsistency can lead to a double-free condition, wher...