102 matches found
SUSE SLES15 Security Update : kernel (Live Patch 49 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:2932-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2932-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.197 fixes various security issues The following security issues were fixed: ...
SUSE-SU-2026:2955-1 Security update for the Linux Kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.269 fixes various security issues The following security issues were fixed: - CVE-2026-31685: netfilter: ip6teui64: reject invalid MAC header for all packets bsc1263670. - CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on...
SUSE-SU-2026:2888-1 Security update for the Linux Kernel (Live Patch 52 for SUSE Linux Enterprise 15 SP4)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.209 fixes various security issues The following security issues were fixed: - CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. - CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of...
CVE-2026-53349
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrack: destroy stale expectfn expectations on unregister NAT helpers such as nfnath323 store a raw pointer to module text in exp-expectfn e.g. ipnatq931expect. nfcthelperexpectfnunregister only unlinks the callba...
CVE-2026-53349
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrack: destroy stale expectfn expectations on unregister NAT helpers such as nfnath323 store a raw pointer to module text in exp-expectfn e.g. ipnatq931expect. nfcthelperexpectfnunregister only unlinks the callba...
PT-2026-42813
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The distributed pixel cache was originally designed to operate without a challenge-response authentication model, which is a security mechanism where one party...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftct: Skip the evaluation of rules for confirmed conntrack entries. The nftctexpectobjeval function calls nfctextadd for confirmed conntrack entries. However, nfctextadd can only be called when !nfctisconfirmed is...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftct: sanitize layer 3 and 4 protocol numbers in custom expectations - Disallow families other than NFPROTOIPV4,IPV6,INET. - Disallow layer 4 protocols without ports, as the destination port is a mandatory attribut...
SUSE CVE-2026-43025
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ignore explicit helper on new expectations Use the existing master conntrack helper, anything else is not really supported and it just makes validation more complicated, so just ignore what helper userspace...
CVE-2026-43025
A flaw was found in the Linux kernel's netfilter component. A local user could exploit a slab-out-of-bounds vulnerability by providing a different helper than the existing master conntrack helper when creating new expectations. This could allow an attacker to read kernel memory bytes off the...
CVE-2026-43025
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ignore explicit helper on new expectations Use the existing master conntrack helper, anything else is not really supported and it just makes validation more complicated, so just ignore what helper userspace...
CVE-2026-43026 netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: zero expect NAT fields when CTAEXPECTNAT absent ctnetlinkallocexpect allocates expectations from a non-zeroing slab cache via nfctexpectalloc. When CTAEXPECTNAT is not present in the netlink message, savedad...
CVE-2026-43025 netfilter: ctnetlink: ignore explicit helper on new expectations
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ignore explicit helper on new expectations Use the existing master conntrack helper, anything else is not really supported and it just makes validation more complicated, so just ignore what helper userspace...
EUVD-2026-26624
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ignore explicit helper on new expectations Use the existing master conntrack helper, anything else is not really supported and it just makes validation more complicated, so just ignore what helper userspace...
CVE-2026-43025
CVE-2026-43025 affects the Linux kernel netfilter component. A local attacker can trigger a slab-out-of-bounds read when creating new expectations by supplying a non-master conntrack helper, potentially enabling information disclosure from kernel memory. The issue is described across multiple sou...
CVE-2026-43025
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ignore explicit helper on new expectations Use the existing master conntrack helper, anything else is not really supported and it just makes validation more complicated, so just ignore what helper userspace...
CVE-2026-43025 netfilter: ctnetlink: ignore explicit helper on new expectations
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ignore explicit helper on new expectations Use the existing master conntrack helper, anything else is not really supported and it just makes validation more complicated, so just ignore what helper userspace...
EUVD-2026-24868
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackexpect: skip expectations in other netns via proc Skip expectations that do not reside in this netns. Similar to e77e6ff502ea "netfilter: conntrack: do not dump other netns's conntrack entries via proc"...
CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackexpect: skip expectations in other netns via proc Skip expectations that do not reside in this netns. Similar to e77e6ff502ea "netfilter: conntrack: do not dump other netns's conntrack entries via proc"...
CVE-2026-31496
Summary: CVE-2026-31496 affects the Linux kernel netfilter nf_conntrack_expect handling across network namespaces. The root cause is a failure to skip or isolate expectations that do not reside in the target netns, enabling a local user to access or view nf_conntrack_expect entries from other nam...