CVE-2026-46260

The CVE-2026-46260 entry is supported by multiple connected sources detailing a kernel IPv6 out-of-bounds read when creating an IPv6 route with RTA_NH_ID, due to fib6_info not containing trailing fib6_nh and an unsafe read of iter->fib6_nh. The fix adds a check of iter->nh before dereferenc...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: Fixed a mismatch in the count of ECMP siblings when clearing RTFADDRCONF. The syzbot reported a kernel bug in fib6addrt2node, when adding an IPv6 route. 0 The commit f72514b3c569 "ipv6: Clear RA flags when adding a stati...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed a memory leak in nhcpcpurthoutput within fibchecknhv6gw. The function fibchecknhv6gw assumes that fib6nhinit will clean up everything when it fails. The commit 7dd73168e273 „ipv6: Always allocate pcpu memory in fib6nh...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: fib6rules: avoided possible NULL dereferencing in fib6ruleaction. syzbot is capable of triggering the following crashes 1, caused by the unsafe use of ip6dstidev. Indeed, ip6dstidev can return NULL, and this value must...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ipv6: A possible infinite loop has been fixed in fib6infousesdev. fib6infousesdev appears to rely on RCU without proper protection. Similar to the previous fix in rt6nlmsgsize, we need to ensure that fib6delroute or fib6addrt2nod...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006775)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006775 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix infinite recursion in fib6dumpdone. syzkaller reported infinite recursive calls of...

CVE-2026-23300

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...

CVE-2026-23200

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix ECMP sibling count mismatch when clearing RTFADDRCONF syzbot reported a kernel BUG in fib6addrt2node when adding an IPv6 route. 0 Commit f72514b3c569 "ipv6: clear RA flags when adding a static route" introduced logic to...

Azure Linux 3.0 Security Update: kernel (CVE-2024-56703)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56703 advisory. - In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6selectpath...

PT-2026-8208

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's IPv6 implementation related to ECMP Equal-Cost Multi-Path routing. Specifically, a mismatch in sibling counts can occur when clearing the RTF ADDRCONF...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988811)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988811 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6rulesuppress The kernel leaks memory when a fib rule is present in...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-399003)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-399003 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6rules: avoid possible NULL dereference in fib6ruleaction syzbot is able to trigger the...

Linux Distros Unpatched Vulnerability : CVE-2025-38588

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6nlmsgsize While testing prior patch, I was able to trigge...

DEBIAN-CVE-2025-38588

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6nlmsgsize While testing prior patch, I was able to trigger an infinite loop in rt6nlmsgsize in the following place: listforeachentryrcusibling, &f6i-fib6siblings, fib6siblings...

UBUNTU-CVE-2025-38588

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6nlmsgsize While testing prior patch, I was able to trigger an infinite loop in rt6nlmsgsize in the following place: listforeachentryrcusibling, &f6i-fib6siblings, fib6siblings...

CVE-2025-38588 ipv6: prevent infinite loop in rt6_nlmsg_size()

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6nlmsgsize While testing prior patch, I was able to trigger an infinite loop in rt6nlmsgsize in the following place: listforeachentryrcusibling, &f6i-fib6siblings, fib6siblings...

CVE-2025-38587 ipv6: fix possible infinite loop in fib6_info_uses_dev()

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6infousesdev fib6infousesdev seems to rely on RCU without an explicit protection. Like the prior fix in rt6nlmsgsize, we need to make sure fib6delroute or fib6addrt2node have not removed the...

Linux Distros Unpatched Vulnerability : CVE-2021-47546

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6rulesuppress The kernel leaks memory when a fib rule is present...

kernel: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()

In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6rules: avoid possible NULL dereference in fib6ruleaction syzbot is able to trigger the following crash 1, caused by unsafe ip6dstidev use. Indeed ip6dstidev can return NULL, and must always be checked. 1 Oops: general...

SUSE CVE-2024-56751

In the Linux kernel, the following vulnerability has been resolved: ipv6: release nexthop on device removal The CI is hitting some aperiodic hangup at device removal time in the pmtu.sh self-test: unregisternetdevice: waiting for vethA-R1 to become free. Usage count = 6 reftracker:...