Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bonding: Fix for missing rcu protection. When removing the rcureadlock from bondethtoolgettsinfo, I didn’t realize that it could also be called via setsockopt, which does not hold a rcu lock. As pointed out by syzbot: Stack trace...

Linux Distros Unpatched Vulnerability : CVE-2026-31396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on every closing. However it may be...

CVE-2026-31396

In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on every closing. However it may be accessed via gettsinfo ethtool call which is possible while the interfa...

CVE-2026-31396

Summary: CVE-2026-31396 affects the Linux kernel’s net/macb and PTP clock subsystem. The root cause is a use-after-free in ptp_clock_index() when the PTP clock is accessed via get_ts_info while the interface’s PTP clock object has been deregistered. This allows a local attacker to trigger a crash...

PT-2026-30179

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.164+ Description The Linux kernel contained a use-after-free issue in the networking subsystem related to the macb driver and the PTP Precision Time Protocol clock. Specifically, the PTP clock could be access...

UBUNTU-CVE-2022-49456

In the Linux kernel, the following vulnerability has been resolved: bonding: fix missed rcu protection When removing the rcureadlock in bondethtoolgettsinfo as discussed 1, I didn't notice it could be called via setsockopt, which doesn't hold rcu lock, as syzbot pointed: stack backtrace: CPU: 0...