173 matches found
kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()
A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...
CVE-2026-46071
A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM subsystem, specifically affecting its nested virtualization nSVM capabilities. The issue arises from incorrect handling of Virtual Machine Control Block Last Branch Record VMCBLBR data when copied to vmcb12, an operation that...
EUVD-2026-32453
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...
EUVD-2026-32441
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN For guests with NRIPS disabled, L1 does not provide NextRIP when running an L2 with an injected soft interrupt, instead it advances the current RIP before...
Linux Distros Unpatched Vulnerability : CVE-2026-46071
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to...
CVE-2026-46071
KVM: nSVM: Avoid clearing VMCBLBR in vmcb12...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the conversion of struct aiokiocb. The first argument of kiocbset Cancelfn may point to a struct kiocb that is not embedded within struct aiokiocb. With the current code, depending on the compiler,...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: seg6: Fixed the iif in the IPv6 socket control block. When an IPv4 packet is received, the iprcvcore... function sets the receiving interface index into the IPv4 socket control block v5.16-rc4, net/ipv4/ipinput.c, line 510: c...
CVE-2026-43133
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f "KVM: nSVM: always use vmcb01 to for vmsave/vmload of guest state" made KVM always use vmcb01 for the fields controlled by VMSAVE/VMLOAD, but it missed...
SUSE CVE-2026-43037
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix memory leak when bringing down interface When bringing down the TX rings we flush the rings but forget to reclaimed the flushed packets. This leads to a memory leak since we do not free the dma mapped buffers. Th...
Astra Linux - уязвимость в linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: x86/kprobes: Update kcb status flag after singlestepping Fix kprobes to update kcb kprobes control block status flag to KPROBEHITSSDONE even if the kp-posthandler is not set. This bug may cause a kernel panic if another INT3 user...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: The payload size has been sanitized to prevent member overflow. In functions qla27xxcopyfpinpkt and qla27xxcopymultiplepkt, the framesize reported by the firmware is used to calculate the copy length for the...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ipvti: A potential issue related to slab-use-after-free has been fixed in decodesession6. When the ipvti device is set as a qdisc of the sfb type, the cb field of the sent skb may be modified during enqueueing. This can lead to a...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: xsk: Avoid data corruption on cq descriptor numbers. Since commit 30f241fcf52a “xsk: Fix immature cq descriptor production”, the descriptor number is stored in the skb control block. The xskcqsubmitaddrlocked function relies on...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a use-after-free caused by l2capreassemblesdu. Fixed a race condition between the following two processes that run parallelly: 1. l2capreassemblesdu - chan-ops-recv l2capsockrecvcb - sockqueuercvskb. 2...
CVE-2026-43037
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...
CVE-2026-43038
CVE-2026-43038 affects the Linux kernel IPv6 ICMP error path. A forged IPv4 ICMP error with CIPSO options could cause ip6_err_gen_icmpv6_unreach() to misinterpret an inner IPv4 inet_skb_parm as an IPv6 parameter, allowing an offset misreference (dsthao) that could enable out-of-bounds or memory a...
CVE-2026-43037
CVE-2026-43037 affects the Linux kernel; vulnerability arises from ip4ip6_err() using a cloned skb where the IPv6 receive path writes cb[] as inet6_skb_parm, which is then misinterpreted as IPv4 inet_skb_parm by __ip_options_echo(), causing a potential data leak/compromise. The fix includes clear...