153 matches found
net: mvpp2: refill RX buffers before XDP or skb use
...
SUSE CVE-2026-53216
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGESIZE as frame size. XDP helper...
CVE-2026-53215
A flaw was found in the Linux kernel's mvpp2 network driver. This vulnerability occurs due to incorrect handling of receive RX buffers, where a buffer is returned to the hardware Buffer Manager BM pool after it has been passed to the eXpress Data Path XDP or attached to a socket buffer skb. This...
CVE-2026-53229
A flaw was found in the Linux kernel's mlx5e driver. When an XDP eXpress Data Path transmission fails, the driver does not properly unmap DMA Direct Memory Access addresses or free allocated XDP frames. This oversight can lead to a continuous leak of DMA resources and XDP frames, potentially...
UBUNTU-CVE-2026-53216
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGESIZE as frame size. XDP helper...
CVE-2026-53229
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix DMA and xdpframe leak on XDPTX xmit failure In the XSK branch of mlx5exmitxdpbuff, when sq-xmitxdpframe returns false e.g. XDPSQ is full, the function returns without unmapping the DMA address or freeing the...
CVE-2026-53216 net: mvpp2: limit XDP frame size to the RX buffer
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGESIZE as frame size. XDP helper...
CVE-2026-53216
The CVE-2026-53216 issue affects the Linux kernel mvpp2 XDP path. Short pool buffers can be smaller than PAGE_SIZE, yet XDP initially sets every xdp_buff frame size to PAGE_SIZE. The XDP helpers then use frame_sz to validate tail growth, which, with an oversized frame, can allow bpf_xdp_adjust_ta...
EUVD-2026-39306
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2rxrefill can fail after the...
Linux Distros Unpatched Vulnerability : CVE-2026-53069
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net, bpf: fix null-ptr-deref in xdpmasterredirect for down master syzkaller reported a kernel panic in bondrrgenslaveid reached via xdpmasterredirect. Full...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpfxdpstorebytes proto for read-only arguments While making some maps in Cilium read-only from the BPF side, we noticed that the bpfxdpstorebytes proto is incorrect. In particular, the verifier encountered the following...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: - In the net subsystem, sfc: added missing xdp queue reinitialization after changing the rx/tx ring buffer size. When acting as XDPTX or XDPREDIRECT, the kernel panics if the xdp queues are not reinitialized properly...
EUVD-2026-32236
In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Add validation for MTU changes Increasing the MTU beyond the HDS threshold causes the hardware to fragment packets across multiple buffers. If a single-buffer XDP program is attached, the driver will drop all multi-fr...
CVE-2026-45952
The CVE-2026-45952 issue affects the Linux kernel fbnic driver. It concerns MTU changes when an XDP program is attached: increasing MTU beyond the hardware threshold can cause fragmentation across multiple buffers, and the driver will drop all multi-fragment frames for single-buffer XDP. This can...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: XDP: Use the flags field to disambiguate broadcast redirections When redirecting a packet using XDP, the bpfredirectmap helper function sets the redirection destination information in the struct bpfredirectinfo structure using th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: igb: Fixed a use-after-free issue in igbcleantxring. Fixed the following use-after-free bug in the igbcleantxring routine when the NIC is running in XDP mode. This issue can be triggered by redirecting traffic to the igb NIC a...
Astra Linux – Vulnerability in Linux 5.10
The network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP eXpress Data Path, a code label was moved in a way that allows SKBs to retain references pointers for further processing, so that they can still be freed...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: ena: Fixed incorrect descriptor freeing behavior. ENA has two types of TX queues: - Queues that only process TX packets arriving from the network stack. - Queues that only process TX packets forwarded to them by XDPREDIRECT ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Packet corruption occurred in vmxnet3xdpxmitframe. Andrew and Nikolay reported connectivity issues with Cilium’s service load-balancing in the case of vmxnet3. If a BPF program for native XDP adds an encapsulation header...
kernel: bonding: check xdp prog when set bond mode
In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning1: ip netns add ns1 ip netns exec ns1 ip link add bond0 type bond mode balance-rr ip netns exec ns1 ip link set dev bond0 xdp obj afxdpkern.o se...