66 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: Release dst in case direct xmit path is used Direct xmit does not use dst because it calls dev_queue_xmit to send packets; therefore, it calls dst_release. kmemleak reports: Unreferenced object:...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: resetting dst in the route object after setting up a flow. The dst field is now transferred to the flow object, and the route object no longer owns it. Resetting dst in the route object is necessary;...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fixed by using eswitch mapping in nic mode The cited patch uses the eswitch object mapping pool when in nic mode, where it is not initialized. This results in the trace below 0. The fix involves using either the ni...
CVE-2026-43329
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling (4 payload actions, 2 for each ethernet address), SNAT (4 payload actions), DNAT ...
PT-2026-38980
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling (4 payload actions, 2 for each ethernet address), SNAT (4 payload actions), DNAT ...
Astra Linux - vulnerability in linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: Fixed issues where stuck flows occurred during cleanup due to pending work. To clear the flow table when it becomes free, the following sequence typically occurs: 1) The gc_step operation is stopped to disable...
Astra Linux - vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fixed the null-ptr-deref in add rule err flow. In the error flow of mlx5_tc_ct_entry_add_rule, if ct_rule_add callback returns an error, zone_rule->attr is used without initialization. This issue was fixed by using attr, which...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005056)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005056 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: reset dst in route object after setting up flow dst is transferred to...
CVE-2023-54216
The CVE-2023-54216 entries describe a Linux kernel vulnerability in net/mlx5e TC offload code where eswitch mapping was used in NIC mode, accessing an uninitialized eswitch object mapping pool and causing a slab-use-after-free in mlx5_add_flow_rules (mlx5_core) traced via a KASAN report. A patch ...
SUSE CVE-2023-53999
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be split, and the extra post_act rules are added to post_act table. It's possible to trigger memleak when the rule forwards packets from internal port and over tunnel...
CVE-2023-53999
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be split, and the extra post_act rules are added to post_act table. It's possible to trigger memleak when the rule forwards packets from internal port and over tunnel...
UBUNTU-CVE-2023-53999
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be split, and the extra post_act rules are added to post_act table. It's possible to trigger memleak when the rule forwards packets from internal port and over tunnel...
CVE-2025-68360 wifi: mt76: wed: use proper wed reference in mt76 wed driver callbacks
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: wed: use proper wed reference in mt76 wed driver callbacks MT7996 driver can use both wed and wed_hif2 devices to offload traffic from/to the wireless NIC. In the current codebase we assume to always use the primary w...
SUSE CVE-2023-53720
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't release the label mapping when replacing existing ct entry which leads to following memleak report: unreferenced object 0xffff8881854cf280 size 96...
CVE-2023-53720
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't release the label mapping when replacing existing ct entry which leads to following memleak report: unreferenced object 0xffff8881854cf280 size 96...
UBUNTU-CVE-2023-53720
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't release the label mapping when replacing existing ct entry which leads to following memleak report: unreferenced object 0xffff8881854cf280 size 96...
SUSE CVE-2024-53120
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule, in case ct_rule_add callback returns error, zone_rule->attr is used uninitiated. Fix it to use attr which has the needed pointer value...
kernel: netfilter: flowtable: fix stuck flows on cleanup due to pending work
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following sequence normally happens in order: 1) gc_step work is stopped to disable any further stats/del requests...
UBUNTU-CVE-2022-50000
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following sequence normally happens in order: 1) gc_step work is stopped to disable any further stats/del requests...