CVE-2026-46099

The CVE-2026-46099 entry describes a use-after-free race in Linux kernel IPv6 handling for seg6 and rpl lightweight tunnels. A NOREF destination cached during ip6_route_input() can be freed by a concurrent FIB lookup on a shared nexthop under PREEMPT_RT, leading to a WARN or potential instability...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: In the nfreject function, there is no need to leak the reference count of the dst entry for loopback packets. Recent patches that added a WARN message when replacing the skb dst entry have identified an old bug:...

EUVD-2026-24817

In the Linux kernel, the following vulnerability has been resolved: virtionet: Fix UAF on dstops when IFFXMITDSTRELEASE is cleared and napitx is false A UAF issue occurs when the virtionet driver is configured with napitx=N and the device's IFFXMITDSTRELEASE flag is cleared e.g., during the...

CVE-2025-68241

In the Linux kernel, the following vulnerability has been resolved: ipv4: route: Prevent rtbindexception from rebinding stale fnhe The sit driver's packet transmission path calls: sittunnelxmit - updateorcreatefnhe, which lead to fnheremoveoldest being called to delete entries exceeding...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988845)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988845 advisory. In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst refcnt when egressing The egress tunnel code uses dstclone and...

netfilter: nf_reject: don't leak dst refcount for loopback packets

...

UBUNTU-CVE-2025-38732

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfreject: don't leak dst refcount for loopback packets recent patches to add a WARN when replacing skb dst entry found an old bug: WARNING: include/linux/skbuff.h:1165 skbdstcheckunset include/linux/skbuff.h:1164 inlin...

CVE-2025-38732 netfilter: nf_reject: don't leak dst refcount for loopback packets

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfreject: don't leak dst refcount for loopback packets recent patches to add a WARN when replacing skb dst entry found an old bug: WARNING: include/linux/skbuff.h:1165 skbdstcheckunset include/linux/skbuff.h:1164 inlin...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a dst reference count leak due to nfreject not properly handling loopback packets...

SUSE CVE-2025-21768

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Some lwtunnels have a dst cache for post-transformation dst. If the packet destination did not change we may end up recording a reference to the lwtunnel in its own...

CVE-2025-21768

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Some lwtunnels have a dst cache for post-transformation dst. If the packet destination did not change we may end up recording a reference to the lwtunnel in its own...

CVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Some lwtunnels have a dst cache for post-transformation dst. If the packet destination did not change we may end up recording a reference to the lwtunnel in its own...

kernel: tipc: force a dst refcount before doing decryption

A vulnerability was found in the Linux kernel's TIPC module, where a reference count on the destination entry was not enforced before decryption. This issue arises due to potential asynchronous returns from crypto requests, which could lead to crash...

kernel: tipc: force a dst refcount before doing decryption

A vulnerability was found in the Linux kernel's TIPC module, where a reference count on the destination entry was not enforced before decryption. This issue arises due to potential asynchronous returns from crypto requests, which could lead to crash...

kernel: tipc: force a dst refcount before doing decryption

A vulnerability was found in the Linux kernel's TIPC module, where a reference count on the destination entry was not enforced before decryption. This issue arises due to potential asynchronous returns from crypto requests, which could lead to crash...

SUSE CVE-2024-40983

In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 "xfrm: Force a dst refcount before entering the xfrm type handlers": "Crypto requests might return asynchronous. In this case we leave the rcu...

UBUNTU-CVE-2021-47222

In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst refcnt when egressing The egress tunnel code uses dstclone and directly sets the result which is wrong because the entry might have 0 refcnt or be already deleted, causing number of problems. It...

UVI-2021-1000935 net: bridge: fix vlan tunnel dst refcnt when egressing

net: bridge: fix vlan tunnel dst refcnt when egressing This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.128 by commit...