Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netrom: Check the buffer length before accessing it. Syzkaller reports an issue where an uninit value is read from ax25cmp when sending raw messages through the ieee802154 implementation...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ax25: rcu protect dev-ax25ptr syzbot identified a lockdep issue 1. We should remove the ax25 RTNL dependency in ax25setsockopt. This should also fix various potential UAF issues in ax25. 1 WARNING: A circular locking dependenc...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ax25: The refcount leak caused by setting the SOBINDTODEVICE socket option has been fixed. If an AX25 device is bound to a socket by setting the SOBINDTODEVICE socket option, a refcount leak will occur in ax25release. The commit...

Astra Linux - уязвимость в linux, linux-5.10

A use-after-free vulnerability was discovered in drivers/net/hamradio/6pack.c of Linux, which allows an attacker to crash the Linux kernel by simulating the ax25 device using the 6pack driver from the user space...

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ax25: Fixing use-after-free bugs caused by ax25dsdeltimer. When the ax25 device is being detached, the ax25devdevicedown function calls ax25dsdeltimer to clean up the slavetimer. When the timer handler is running, the...

SUSE-SU-2026:20940-1 Security update for net-tools

This update for net-tools fixes the following issues: - Fix stack buffer overflow in parsehex bsc1248687, GHSA-h667-qrp8-gj58. - Fix stack-based buffer overflow in procgenfmt bsc1248687, GHSA-w7jq-cmw2-cq59. - Avoid unsafe memcpy in ifconfig bsc1248687. - Prevent overflow in ax25 and netrom...

SUSE CVE-2026-23098

In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nrrouteframe In nrrouteframe, oldskb is immediately freed without checking if nrneigh-ax25 pointer is NULL. Therefore, if nrneigh-ax25 is NULL, the caller function will free oldskb again, causing a...

UBUNTU-CVE-2026-23098

In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nrrouteframe In nrrouteframe, oldskb is immediately freed without checking if nrneigh-ax25 pointer is NULL. Therefore, if nrneigh-ax25 is NULL, the caller function will free oldskb again, causing a...

EUVD-2026-5444

In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nrrouteframe In nrrouteframe, oldskb is immediately freed without checking if nrneigh-ax25 pointer is NULL. Therefore, if nrneigh-ax25 is NULL, the caller function will free oldskb again, causing a...

CVE-2026-23098

In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nrrouteframe In nrrouteframe, oldskb is immediately freed without checking if nrneigh-ax25 pointer is NULL. Therefore, if nrneigh-ax25 is NULL, the caller function will free oldskb again, causing a...

Linux Distros Unpatched Vulnerability : CVE-2026-23098

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netrom: fix double-free in nrrouteframe In nrrouteframe, oldskb is immediately freed without checking if nrneigh-ax25 pointer is NULL. Therefore, if nrneigh-ax2...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005071)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005071 advisory. In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issue of netdevice There is a reference count leak issue of the...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21792)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21792 advisory. - In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by settin...

ROS-20260119-7367

A vulnerability in the ax25setsockopt function of the net/ax25/afax25.c component of the Linux operating system kernel is related to improper memory freeing before deleting the last reference. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002310)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002310 advisory. The ax25recvmsg function in net/ax25/afax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001698)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001698 advisory. A use-after-free flaw was found in the Linux kernels Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a loca...

ROS-20260112-7319

A vulnerability in the ax25addrax25dev function of module net/ax25/ax25dev.c of the Linux operating system kernel is related to resource leakage. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

PT-2026-6168

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free issue was identified in the netrom network routing mechanism within the Linux kernel. Specifically, the nr route frame function frees memory associated with old skb without...

CVE-2025-34458

wb2osz/direwolf Dire Wolf versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprsmice located in src/decodeaprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty or...

ax25: fix incorrect dev_tracker usage

...