145 matches found
kernel: Linux kernel: netfilter: ebtables SNAT target writes to shared memory pages during ARP hardware address rewrite
A flaw was found in the Linux kernel's netfilter bridge ebtables SNAT Source Network Address Translation module. This vulnerability allows a local attacker on a system configured with specific bridge netfilter rules to improperly modify underlying memory pages during an ARP Address Resolution...
UBUNTU-CVE-2026-53266
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...
CVE-2026-53266
The CVE-2026-53266 entry concerns the Linux kernel netfilter bridge path, where ebt_snat ARP sender hardware address rewrite could be performed on non-writable memory. Root cause: ARP SHA is written via skb_store_bits() relative to skb->data, and skb_header_pointer() only safely reads the ARP ...
CVE-2026-53266
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...
CVE-2026-53266
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...
CVE-2026-42937
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...
netfilter: arp_tables: fix IEEE1394 ARP payload parsing
...
CVE-2026-45970
A flaw was found in the Linux kernel's bonding driver, specifically within the Active-Backup Load Balancing ALB receive path. A local attacker can trigger a Use-After-Free UAF vulnerability in the rlbarprecv function by rapidly bringing a bond interface up and down while receiving Address...
SUSE CVE-2026-45844
In the Linux kernel, the following vulnerability has been resolved: netfilter: arptables: fix IEEE1394 ARP payload parsing Weiming Shi says: "arppacketmatch unconditionally parses the ARP payload assuming two hardware addresses are present source and target. However, IPv4-over-IEEE1394 ARP RFC 27...
CVE-2026-45844
A flaw was found in the Linux kernel's netfilter ARP Address Resolution Protocol tables. When processing IPv4-over-IEEE1394 ARP packets on IEEE1394 interfaces, the kernel incorrectly parses the ARP payload. This can lead to incorrect filtering decisions by arptables, where packets that should be...
CVE-2026-45970 bonding: alb: fix UAF in rlb_arp_recv during bond up/down
In the Linux kernel, the following vulnerability has been resolved: bonding: alb: fix UAF in rlbarprecv during bond up/down The ALB RX path may access rxhashtbl concurrently with bond teardown. During rapid bond up/down cycles, rlbdeinitialize frees rxhashtbl while RX handlers are still running,...
CVE-2026-45844
In the Linux kernel, the following vulnerability has been resolved: netfilter: arptables: fix IEEE1394 ARP payload parsing Weiming Shi says: "arppacketmatch unconditionally parses the ARP payload assuming two hardware addresses are present source and target. However, IPv4-over-IEEE1394 ARP RFC 27...
EUVD-2026-30009
Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...
CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability
...
Windows WAN ARP Driver Elevation of Privilege Vulnerability
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally...
CVE-2026-43441
A flaw was found in the Linux kernel's bonding network interface. When IPv6 is disabled and bonding ARP/NS validation is enabled, a specially crafted IPv6 Neighbor Solicitation NS or Neighbor Advertisement NA packet received on a slave interface can trigger a NULL pointer dereference. This...
SUSE CVE-2026-43024
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject immediate NFQUEUE verdict nftqueue is always used from userspace nftables to deliver the NFQUEUE verdict. Immediately emitting an NFQUEUE verdict is never used by the userspace nft tools, so reject...
EUVD-2026-26623
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject immediate NFQUEUE verdict nftqueue is always used from userspace nftables to deliver the NFQUEUE verdict. Immediately emitting an NFQUEUE verdict is never used by the userspace nft tools, so reject...
CVE-2026-31424
A flaw was found in the Linux kernel's netfilter subsystem, specifically within the xtables and arptables components. This vulnerability arises when xtmatch and xttarget extensions, registered for unspecified protocol families, are incorrectly processed by the Address Resolution Protocol ARP...
CVE-2026-31424
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: restrict xtcheckmatch/xtchecktarget extensions for NFPROTOARP Weiming Shi says: xtmatch and xttarget structs registered with NFPROTOUNSPEC can be loaded by any protocol family through nftcompat. When such a...