1623 matches found
CVE-2026-5138
A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...
EUVD-2026-41004
A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...
CVE-2026-5138
Foreman vulnerability CVE-2026-5138 involves the taxonomy_scope controller failing to validate organization and location IDs in nested request parameters. An authenticated user with host-edit permissions can trigger cross-tenant information disclosure, leaking sensitive infrastructure metadata (s...
CVE-2026-5138
A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...
ALSA-2026:30848 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation CVE-2026-31488 kernel: ipv6: icmp: clear skb2-cb in ip6errgenicmpv6unreach CVE-2026-43038 kernel: netfilter: flowtabl...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: In the net: bridge section, for the mcast function, it was decided to always update the mdbnEntries value for VLAN contexts. The syzbot triggered a warning1 regarding the number of mdb entries in a context. It turns out that ther...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mt7530: Fix VLAN traffic leaks The PCRMATRIX field was set to all 1’s when VLAN filtering is enabled, but it wasn’t reset when VLAN filtering was disabled. This could lead to traffic leaks: ip link add br0 type bridge...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: hns3 – Added a vlan list lock to protect the vlan list. When adding a port-based VLAN, the vf VLAN needs to be removed from the hardware, and the vlan state in the vf VLAN list must be set to “false”. If the periodic task...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/smc: Fixed NULL pointer dereferencing in smcvlanbytcpsk. Coverity reports a possible NULL dereferencing issue: - In smcvlanbytcpsk: - 6. returnednull: netdevlowergetnext returns NULL checked 29 out of 30 times. - 7...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf/bonding: Rejects changes to vlan+srcmac xmithashpolicy when XDP is loaded. The function bondoptionmodeset already rejects mode changes that would make a loaded XDP program incompatible through bondxdpcheck. However,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: vlan: Fixed an issue where the refcount imbalance of VLAN 0 occurred during runtime, due to toggling filtering. Assuming the “rx-vlan-filter” feature is enabled on a network device, the 8021q module will automatically add...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fastrx entry still holds a pointer to the VLAN’s netdev. This can lead to use-after-free...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: afpacket: fixed vlangetprotocoldgram vs MSGPEEK The responsible commit forgot to handle the MSGPEEK case, resulting in a crash 1, as detected by syzbot. vlangetprotocoldgram was rewritten so that it does not touch the skb at...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: bridge: Guards the local VLAN-0 FDB helpers against NULL vlan groups. When CONFIGBRIDGEVLANFILTERING is not set, the brvlangroup and nbpvlangroup functions return NULL as defined in brprivate.h. The BRBOOLOPTFDBLOCALVLAN0 togg...
kernel: macvlan: fix possible UAF in macvlan_forward_source()
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlanforwardsource Add RCU protection on struct macvlansourceentry-vlan. Whenever macvlanhashdelsource is called, we must clear entry-vlan pointer before RCU grace period starts. This allows...
SUSE CVE-2026-46433
lldpd is an implementation of IEEE 802.1ab LLDP. Prior to version 1.0.22, lldpddecode in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove to shift the frame payload 4 bytes left. The third argument byte count is s - 2 ETHERADDRLEN but should be s - 2...
kernel: macvlan: fix possible UAF in macvlan_forward_source()
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlanforwardsource Add RCU protection on struct macvlansourceentry-vlan. Whenever macvlanhashdelsource is called, we must clear entry-vlan pointer before RCU grace period starts. This allows...
lldpd: Heap OOB Read in VLAN Decapsulation memmove
...
CVE-2026-46433
lldpd is an implementation of IEEE 802.1ab LLDP. Prior to version 1.0.22, lldpddecode in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove to shift the frame payload 4 bytes left. The third argument byte count is s - 2 ETHERADDRLEN but should be s - 2...
CVE-2026-46433 lldpd: Heap OOB Read in VLAN Decapsulation memmove
lldpd is an implementation of IEEE 802.1ab LLDP. Prior to version 1.0.22, lldpddecode in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove to shift the frame payload 4 bytes left. The third argument byte count is s - 2 ETHERADDRLEN but should be s - 2...