Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftflowoffload: resetting dst in the route object after setting up a flow. The dst field is now transferred to the flow object, and the route object no longer owns it. Resetting dst in the route object is necessary;...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftflowoffload: Release dst if direct xmit path is used Direct xmit does not use it since it calls devqueuexmit to send packets; therefore, it calls dstrelease. kmemleak reports: Unreferenced object 0xffff88814f4409...

CVE-2026-43329

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4 payload actions, 2 for each ethernet address SNAT 4 payload actions DNAT ...

PT-2026-38980

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter flowtable component where the system fails to strictly check for the maximum number of supported actions. In IPv6 setups, the required number of hardware...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: Fixed issues where stuck flows occurred during cleanup due to pending work. To clear the flow table when it becomes free, the following sequence typically occurs: 1 The gcstep operation is stopped to disable...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fixed by using eswitch mapping in nic mode The cited patch uses the eswitch object mapping pool when in nic mode, where it is not initialized. This results in the following trace 0. Fixed by using either the nic or...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005056)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005056 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftflowoffload: reset dst in route object after setting up flow dst is transferred to...

CVE-2023-54216

The CVE-2023-54216 entries describe a Linux kernel vulnerability in net/mlx5e TC offload code where eswitch mapping was used in NIC mode, accessing an uninitialized eswitch object mapping pool and causing a slab-use-after-free in mlx5_add_flow_rules (mlx5_core) traced via a KASAN report. A patch ...

SUSE CVE-2023-53999

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be splited, and the extra postact rules are added to postact table. It's possible to trigger memleak when the rule forwards packets from internal port and over tunnel...

UBUNTU-CVE-2023-53999

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be splited, and the extra postact rules are added to postact table. It's possible to trigger memleak when the rule forwards packets from internal port and over tunnel...

CVE-2023-53999

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be splited, and the extra postact rules are added to postact table. It's possible to trigger memleak when the rule forwards packets from internal port and over tunnel...

CVE-2025-68360 wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks MT7996 driver can use both wed and wedhif2 devices to offload traffic from/to the wireless NIC. In the current codebase we assume to always use the primary w...

SUSE CVE-2023-53720

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't release the label mapping when replacing existing ct entry which leads to following memleak report: unreferenced object 0xffff8881854cf280 size 96...

CVE-2023-53720

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't release the label mapping when replacing existing ct entry which leads to following memleak report: unreferenced object 0xffff8881854cf280 size 96...

UBUNTU-CVE-2023-53720

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't release the label mapping when replacing existing ct entry which leads to following memleak report: unreferenced object 0xffff8881854cf280 size 96...

SUSE CVE-2024-53120

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5tcctentryaddrule, in case ctruleadd callback returns error, zonerule-attr is used uninitiated. Fix it to use attr which has the needed pointer value...

kernel: netfilter: flowtable: fix stuck flows on cleanup due to pending work

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following sequence normally happens in order: 1 gcstep work is stopped to disable any further stats/del requests...

UBUNTU-CVE-2022-50000

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following sequence normally happens in order: 1 gcstep work is stopped to disable any further stats/del requests...

TencentOS Server 3: kernel (TSSA-2022:0125)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0125 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

kernel: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5tcctentryaddrule, in case ctruleadd callback returns error, zonerule-attr is used uninitiated. Fix it to use attr which has the needed pointer value...