OESA-2026-2314 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llistabortdesc At the end of this function, d is the traversal cursor of flist, but the code complet...

OESA-2026-2313 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descriptor completion in llistabortdesc At the end of this function, d is the traversal cursor of flist, but the code complet...

OESA-2026-2310 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packetrelease via NETDEVUP race packetrelease has a race window where NETDEVUP can re-register a socket into a fanout group's arr array. T...

net: fix fanout UAF in packet_release() via NETDEV_UP race

...

SUSE CVE-2026-31504

In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packetrelease via NETDEVUP race packetrelease has a race window where NETDEVUP can re-register a socket into a fanout group's arr array. The re-registration is not cleaned up by fanoutrelease, leaving a...

EUVD-2026-24881

In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packetrelease via NETDEVUP race packetrelease has a race window where NETDEVUP can re-register a socket into a fanout group's arr array. The re-registration is not cleaned up by fanoutrelease, leaving a...

CVE-2026-31504

In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packetrelease via NETDEVUP race packetrelease has a race window where NETDEVUP can re-register a socket into a fanout group's arr array. The re-registration is not cleaned up by fanoutrelease, leaving a...

CVE-2026-31504 net: fix fanout UAF in packet_release() via NETDEV_UP race

In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packetrelease via NETDEVUP race packetrelease has a race window where NETDEVUP can re-register a socket into a fanout group's arr array. The re-registration is not cleaned up by fanoutrelease, leaving a...

CVE-2026-31504

The CVE-2026-31504 entry describes a race in the Linux kernel’s networking stack: during a NETDEV_UP event, a socket re-registration into a fanout group’s arr[] can leave a dangling pointer if packet_release() doesn’t clear po->num while bind_lock is held. This Use-After-Free risk stems from a...

Linux Distros Unpatched Vulnerability : CVE-2026-31504

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: fix fanout UAF in packetrelease via NETDEVUP race packetrelease has a race window where NETDEVUP can re-register a socket into a fanout group's arr array...

PT-2026-34409

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the packet release function where a NETDEV UP event can re-register a socket into a fanout group's arr array. Because packet release does not zero the po-num...

CVE-2026-34573

Parse Server exposes a denial-of-service when the GraphQL query complexity validator is enabled (requestComplexity.graphQLDepth or requestComplexity.graphQLFields). In versions prior to 8.6.68 and 9.7.0-alpha.12, a crafted query using binary fan-out fragment spreads can block the Node.js event lo...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001610)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001610 advisory. Race condition in net/packet/afpacket.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service use-after-free or possibly have unspecified...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003468)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003468 advisory. Race condition in net/packet/afpacket.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service use-after-free or possibly have unspecified...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002874)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002874 advisory. net/packet/afpacket.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packetfanout data...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002851)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002851 advisory. net/packet/afpacket.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packetfanout data...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002934)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002934 advisory. Race condition in net/packet/afpacket.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service use-after-free or possibly have unspecified...

Linux Distros Unpatched Vulnerability : CVE-2017-6346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race condition in net/packet/afpacket.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service use-after-free or possibly have...

CVE-2023-42449 Malicious head initialiser can extract PTs from control of Hydra scripts, leading to locked participant commits or spoofed commits

Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed...

SUSE CVE-2017-6346

Race condition in net/packet/afpacket.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service use-after-free or possibly have unspecified other impact via a multithreaded application that makes PACKETFANOUT setsockopt system calls...