CVE-2026-46172

A flaw was found in the Linux kernel's IPv6 Internet Protocol version 6 xfrm6 component. When processing encapsulated IPv6 packets, the xfrm6rcvencap function fails to release a destination dst entry reference if an IPv6 route lookup results in an error. A remote attacker could exploit this by...

CVE-2026-46172

CVE-2026-46172 concerns the Linux kernel’s xfrm6_rcv_encap path for IPv6. If a route lookup via ip6_route_input_lookup() returns a dst entry with an error, the function may drop the skb without attaching or releasing that dst reference, leaking dst entries. The documented fix releases the dst bef...

CVE-2026-46172

In the Linux kernel, the following vulnerability has been resolved: ipv6: xfrm6: release dst on error in xfrm6rcvencap xfrm6rcvencap performs an IPv6 route lookup when the skb does not already have a dst attached. ip6routeinputlookup returns a referenced dst entry even when the lookup resolves to...

CVE-2026-9054

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

CVE-2026-9054

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

EUVD-2026-31403

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

PT-2026-42721

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: xfrm: Zero padding when dumping algorithms and encapsulation structures. When copying data to user-space, we must ensure that only valid data is copied. Padding in structures may be filled with random possibly sensitive data and...

Astra Linux - уязвимость в docker.io

Moby is an open-source container framework developed by Docker Inc. It is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component, dockerd, which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udpgrocomplete function assumes that all packets inserted into the receive queue have the encapsulation flag set to zero. However, this assumption is not true. Some hardware Network Interfac...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: l2tp: Fixed a memory leak in l2tpudpencaprecv. syzbot reported a memory leak of struct l2tpsession, l2tptunnel, sock, etc. 0 The referenced commit moved the validation of the protocol version to l2tpudpencaprecv. The new location...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: seg6: Fixed the iif in the IPv6 socket control block. When an IPv4 packet is received, the iprcvcore... function sets the receiving interface index into the IPv4 socket control block v5.16-rc4, net/ipv4/ipinput.c, line 510: c...

kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged...

openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...

Key Encapsulation Mechanism-Based Integrated Encryption Scheme (KEM-IES)

The Elliptic Curve Integrated Encryption Scheme ECIES is widely regarded as a practical method and has been adopted by multiple standards. However, the advancement of quantum computing technologies poses potential security risks to ECIES. Therefore, this study proposes a Key Encapsulation...

CVE-2026-43456

A flaw was found in the Linux kernel's bonding driver. When a non-Ethernet device, such as a Generic Routing Encapsulation GRE tunnel, is added to a bond, a type confusion vulnerability occurs. This happens because the bonding driver incorrectly copies network header operations from the slave...

CLSA-2026-1778072039 openssl: Fix of CVE-2026-31790

CVE-2026-31790: fix RSA KEM RSASVE encapsulation memory leak by validating RSApublicencrypt return value and cleansing secret on failure...

CVE-2026-43080

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

CVE-2026-43080 l2tp: Drop large packets with UDP encap

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

CLSA-2026-1777948139 openssl: Fix of CVE-2026-31790

CVE-2026-31790: fix RSA KEM RSASVE encapsulation memory leak by validating RSApublicencrypt return value and cleansing secret on failure...