net: mvpp2: refill RX buffers before XDP or skb use

...

net: ethernet: mtk_eth_soc: Fix use-after-free in metadata dst teardown

...

net: mvpp2: sync RX data at the hardware packet offset

...

net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list

...

CVE-2026-53228

A flaw was found in the Linux kernel's Simple Internet Transition SIT tunnel driver for IPv6. When processing network traffic with Generic Segmentation Offload GSO enabled, the driver may use a stale pointer to the inner IPv6 header after the socket buffer skb head has been reallocated. This can...

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: tigera-operator, gitea-fips, zarf, reports-server, terraform, skaffold-fips, kyverno, omnictl-multiarch-fips, opentelemetry-collector, prometheus-fips, kyverno-fips, seaweedfs-rocksdb, gitlab-rails-ce, mattermost, rancher-agent, prometheus-operator, cilium-cli,...

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: steampipe, guac, sops, loki, ko, containerd, wal-g, gptscript, chisel, eksctl, opentelemetry-collector, step, policy-controller, argo-events, caddy, syft, fscrypt, witness, crossplane-provider-azure-managedidentity, pulumi-language-dotnet, kyverno, rancher, terragrun...

CVE-2026-53300

In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix NTMP DMA use-after-free issue The AI-generated review reported a potential DMA use-after-free issue 1. If netcxmitntmpcmd times out and returns an error, the pending command is not explicitly aborted, while...

CVE-2026-53318

CVE-2026-53318 describes a fix in the Linux kernel’s wireless stack: for mt76/mt7925, a NULL pointer dereference in mt7925_tx_check_aggr() was mitigated by moving the NULL check for the 'sta' pointer before its dereference, preventing a possible crash. The vulnerability affects the mt7925 compone...

EUVD-2026-39841

In the Linux kernel, the following vulnerability has been resolved: tty: hvciucv: fix off-by-one in number of supported devices MAXHVCIUCVLINES == HVCALLOCTTYADAPTERS == 8. This is the number of entries in: static struct hvciucvprivate hvciucvtableMAXHVCIUCVLINES; Sometimes hvciucvtable is limite...

CVE-2026-53300 net: enetc: fix NTMP DMA use-after-free issue

In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix NTMP DMA use-after-free issue The AI-generated review reported a potential DMA use-after-free issue 1. If netcxmitntmpcmd times out and returns an error, the pending command is not explicitly aborted, while...

CVE-2026-53300

CVE-2026-53300 – Linux kernel net: enetc DMA use-after-free fix . The connected documents describe concrete fixes: (1) convert cbdr->ring_lock from a spinlock to a mutex to safely reclaim used BDs and release DMA memory within a sleep-capable context; (2) introduce a software shadow BD (netc_s...

EUVD-2026-39834

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainittx If queue entry list allocation fails in airohaqdmainittxqueue routine, airohaqdmacleanuptxqueue will trigger a NULL pointer dereference accessing the queue entry...

CVE-2026-53297

The CVE-2026-53297 issue in the Linux kernel relates to the mana driver path (net: mana) where mana_remove() could be invoked twice: first during mana_probe() teardown and a second time if a resumed PM callback subsequently fails, leading to a NULL dereference when gc == NULL and a kernel panic. ...

EUVD-2026-39902

In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard manaremove against double invocation If PM resume fails e.g., manaattach returns an error, manaprobe calls manaremove, which tears down the device and sets gd-gdmacontext = NULL and gd-driverdata = NULL. However,...

EUVD-2026-39895

In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...

EUVD-2026-39894

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

CVE-2026-53289

In the Linux kernel ice driver, CVE-2026-53289 describes a NULL pointer dereference in ice_reset_all_vfs caused by ignoring the return value of ice_vf_rebuild_vsi(). If a VSI rebuild fails (e.g., during NVM firmware update), ice_vsi_rebuild_vsi leaves txq_map/rxq_map NULL and ice_vf_post_vsi_rebu...

EUVD-2026-39891

In the Linux kernel, the following vulnerability has been resolved: idpf: fix double free and use-after-free in aux device error paths When auxiliarydeviceadd fails in idpfplugvportauxdev or idpfplugcoreauxdev, the errauxdevadd label calls auxiliarydeviceuninit and falls through to errauxdevinit...

CVE-2026-52979

A flaw was found in the Linux kernel's Platform Security Processor PSP network driver. This vulnerability occurs when creating a device association, where the system fails to properly check if the device has been unregistered. A race condition exists where the device can be unregistered before a...