Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Team: Fix null-ptr-deref when the team device type is changed. The null-ptr-deref bug occurs as follows with a reproducer 1. Bug: NULL pointer dereferencing in the kernel. Address: 0000000000000228 …RIP:...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: llc: A test for maclen should be performed before reading the MAC header. The LLC layer reads the MAC header using ethhdr, without verifying that the skb contains an Ethernet header. The Syzbot exploit was able to execute the...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure that there is sufficient space to access the protocol field of the PPPoE header. Validate this once before the flowtable lookup, and then use a helper function to access the...

kernel: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nfflowpppoeproto syzbot found a potential access to uninit-value in nfflowpppoeproto Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit-value in...

kernel: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nfflowpppoeproto syzbot found a potential access to uninit-value in nfflowpppoeproto Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit-value in...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: llc: make llcuisendmsg more robust against bonding changes syzbot was able to trick llcuisendmsg, allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header 1 Like some others, llcuisendmsg...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tun: Missing verification for short frames was added. The referenced commit failed to check the validity of the frame length in the tunxdpone path, which could result in a corrupted skb being sent down the stack. Even before the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: flowtable: account for Ethernet header in nfflowpppoeproto syzbot found a potential access to uninit-value in nfflowpppoeproto The responsible commit forgot to account for the Ethernet header. BUG: KMSAN: uninit-val...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tap: added missing verification for short frames The referenced commit failed to check the validity of the frame length in the tapgetuserxdp function. This could result in a corrupted skb being sent down the stack. Even before th...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: bpf, testrun: Fix use-after-free issue in ethskbpkttype KMSAN reported a use-after-free issue in ethskbpkttype1. The cause of the issue was that ethskbpkttype accessed skb's data that didn't contain an Ethernet header. This occur...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value1 error in bridge device's xmit path by sending a short less than ETHHLEN bytes skb. To fix it check if we can actually pull that...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: geneve: do not assume mac header is set in genevexmitskb We should not assume mac header is set in output path. Use skbethhdr instead of ethhdr to fix the issue. sysbot reported the following : WARNING: CPU: 0 PID: 11635 at...

EUVD-2026-25652

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects ...

CVE-2026-31685

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects ...

CVE-2026-31685 netfilter: ip6t_eui64: reject invalid MAC header for all packets

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects ...

netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()

...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990478)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990478 advisory. In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with ethhdr without...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989975)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989975 advisory. In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame The cited commit missed to check against the validi...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990239)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990239 advisory. In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validi...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989194)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989194 advisory. In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth...