188 matches found
CVE-2026-23300
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...
UBUNTU-CVE-2026-23316
In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix ARM64 alignment fault in multipath hash seed struct sysctlfibmultipathhashseed contains two u32 fields userseed and mpseed, making it an 8-byte structure with a 4-byte alignment requirement. In...
CVE-2026-23200
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix ECMP sibling count mismatch when clearing RTFADDRCONF syzbot reported a kernel BUG in fib6addrt2node when adding an IPv6 route. 0 Commit f72514b3c569 "ipv6: clear RA flags when adding a static route" introduced logic to...
CLSA-2026-1769610819 kernel: Fix of 39 CVEs
Bluetooth: hcisysfs: Fix attempting to call deviceadd multiple times CVE-2022-50419 - firewire: net: fix use after free in fwnetfinishincomingpacket CVE-2023-53432 - wifi: brcmfmac: fix use-after-free bug in brcmfnetdevstartxmit CVE-2022-50408 - wifi: brcmfmac: slab-out-of-bounds read in...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed a memory leak in nhcpcpurthoutput within fibchecknhv6gw. The function fibchecknhv6gw expects that fib6nhinit will clean up everything when it fails. The commit 7dd73168e273 „ipv6: Always allocate pcpu memory in fib6nh...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: A possible infinite loop has been fixed in fib6infousesdev. fib6infousesdev appears to rely on RCU without proper protection. Similar to the previous fix in rt6nlmsgsize, we need to ensure that fib6delroute or fib6addrt2nod...
Azure Linux 3.0 Security Update: kernel (CVE-2024-56703)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56703 advisory. - In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6selectpath...
ROS-20260121-73-0021
A vulnerability in the fibchecknhv6gw function of the Linux operating system kernel is related to a possible memory leak. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000743)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000743 advisory. Race condition in the ioctlsendfib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002628)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002628 advisory. Race condition in the ioctlsendfib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002931)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002931 advisory. Race condition in the ioctlsendfib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service...
CVE-2025-71097 ipv4: Fix reference count leak when using error routes with nexthop objects
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix reference count leak when using error routes with nexthop objects When a nexthop object is deleted, it is marked as dead and then fibtableflush is called to flush all the routes that are using the dead nexthop. The...
CVE-2025-71097
Technical details for CVE-2025-71097 are not provided in the connected documents. The sources confirm the CVE exists and is tracked in various advisories, but no further product/version/impact/fix specifics are included here. Monitor vendor advisories for updates.
CVE-2025-71097 ipv4: Fix reference count leak when using error routes with nexthop objects
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix reference count leak when using error routes with nexthop objects When a nexthop object is deleted, it is marked as dead and then fibtableflush is called to flush all the routes that are using the dead nexthop. The...
CVE-2025-68813
The CVE-2025-68813 affects the Linux kernel IPVS IPv4 route error path. A NULL pointer dereference occurs when dst_link_failure() is called with skb->dev unset, leading to ipv4_link_failure() → ipv4_send_dest_unreach() → fib_compute_spec_dst() dereferencing skb->dev. The root cause is that ...
PT-2026-2545
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.114 Description The Linux kernel contains a flaw within the IPv4 code path in the ip vs get out rt function. This function can call dst link failure without verifying that skb-dev is set, leading to a NULL...
PT-2026-8208
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's IPv6 implementation related to ECMP Equal-Cost Multi-Path routing. Specifically, a mismatch in sibling counts can occur when clearing the RTF ADDRCONF...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988811)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988811 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6rulesuppress The kernel leaks memory when a fib rule is present in...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989509)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989509 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fibmetricsmatch if !type continue; if type RTAXMAX...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990207)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990207 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in fibmetricsmatch if !type continue; if type RTAXMAX...