Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: Ensure that we call ipv6mcdown at most once. There are two reasons why addrconfnotify is called with NETDEVDOWN: Either the network device is actually going down, or IPv6 was disabled on the interface. If either of the...

CVE-2026-43339

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconfpermanentaddr The mentioned helper try to warn the user about an exceptional condition, but the message is delivered too late, accessing the ipv6 after its possible deletion. Reorder the...

CVE-2026-43339

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconfpermanentaddr The mentioned helper try to warn the user about an exceptional condition, but the message is delivered too late, accessing the ipv6 after its possible deletion. Reorder the...

UBUNTU-CVE-2026-43339

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconfpermanentaddr The mentioned helper try to warn the user about an exceptional condition, but the message is delivered too late, accessing the ipv6 after its possible deletion. Reorder the...

CVE-2026-43339 ipv6: prevent possible UaF in addrconf_permanent_addr()

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconfpermanentaddr The mentioned helper try to warn the user about an exceptional condition, but the message is delivered too late, accessing the ipv6 after its possible deletion. Reorder the...

PT-2026-38990

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-after-Free UaF issue exists in the Linux kernel within the addrconf permanent addr function. This occurs because a warning message regarding an exceptional condition is delivered t...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the addrconfpermanentaddr function in IPv6 address configuration. This function may lead to memor...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005768)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005768 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fix a potential refcount underflow for idev Now in addrconfmodrstimer, reference...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005512)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005512 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ensure we call ipv6mcdown at most once There are two reasons for addrconfnotify to be...

CVE-2026-23200

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix ECMP sibling count mismatch when clearing RTFADDRCONF syzbot reported a kernel BUG in fib6addrt2node when adding an IPv6 route. 0 Commit f72514b3c569 "ipv6: clear RA flags when adding a static route" introduced logic to...

UBUNTU-CVE-2026-23200

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix ECMP sibling count mismatch when clearing RTFADDRCONF syzbot reported a kernel BUG in fib6addrt2node when adding an IPv6 route. 0 Commit f72514b3c569 "ipv6: clear RA flags when adding a static route" introduced logic to...

CVE-2019-25324

RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling...

CVE-2019-25324

CVE-2019-25324 affects RICOH Web Image Monitor version 1.09. It describes an HTML injection vulnerability in the address configuration CGI script, where the entryNameIn and entryDisplayNameIn parameters can be used to inject arbitrary HTML content, potentially enabling cross-site scripting. The v...

PT-2026-4672

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a use-after-free issue within the inet6 addr del function. This flaw is related to the handling of temporary addresses, where a memory area is accessed after it...

EUVD-2022-54957

In the Linux kernel, the following vulnerability has been resolved: can: isotp: sanitize CAN ID checks in isotpbind Syzbot created an environment that lead to a state machine status that can not be reached with a compliant CAN ID address configuration. The provided address information consisted o...

CVE-2022-50310

Summary: CVE-2022-50310 affects the Linux kernel and describes a use-after-free (UAF) in ip6mr_sk_done() when addrconf_init_net() fails during net initialization. The vulnerability arises because devconf_all is freed during addrconf_init_net() failure, but ip6mr_sk_done() later accesses devconf-&...

CVE-2023-53189 ipv6/addrconf: fix a potential refcount underflow for idev

In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fix a potential refcount underflow for idev Now in addrconfmodrstimer, reference idev depends on whether rstimer is not pending. Then modify rstimer timeout. There is a time gap in 1, during which if the pending...

CVE-2023-53189

CVE-2023-53189: Linux kernel IPv6 addrconf component had a potential refcount underflow for idev due to a race in rs_timer handling. The issue arises when rs_timer is activated while pending status changes, potentially causing addrconf_rs_timer() to run without the idev reference. The fix is in a...

SUSE CVE-2022-49662

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix lockdep splat in in6dumpaddrs As reported by syzbot, we should not use rcudereference when rcureadlock is not held. WARNING: suspicious RCU usage 5.19.0-rc2-syzkaller 0 Not tainted net/ipv6/addrconf.c:5175 suspicious...

SUSE CVE-2024-53269

Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to...