225 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Unregistering flowtable hooks upon netns exit. Unregistering flowtable hooks before they are released via nftablesflowtabledestroy. Otherwise, the hook code may report a Use-After-Free error. BUG: KASAN:...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable – incorrect pppoe tuple PPPoE traffic that reaches the ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in th...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Fixed a potential data race in nftflowtabletypeget. The call to nftunregisterflowtabletype within nfflowinetmoduleexit can conflict with nftflowtabletypeget within nftablesnewflowtable. There is no...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure that there is sufficient space to access the protocol field of the PPPoE header. Validate this once before the flowtable lookup, and then use a helper function to access the...
kernel: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nfflowpppoeproto syzbot found a potential access to uninit-value in nfflowpppoeproto Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit-value in...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
kernel: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nfflowpppoeproto syzbot found a potential access to uninit-value in nfflowpppoeproto Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit-value in...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bonding: check xdp prog when set bond mode CVE-2025-22105 kernel: block: fix resource leak in blkregisterqueue error path CVE-2025-37980 kernel: dmaengine: idxd: fix memory leak in error...
ALSA-2026:18587 Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bonding: check xdp prog when set bond mode CVE-2025-22105 kernel: block: fix resource leak in blkregisterqueue error path CVE-2025-37980 kernel: dmaengine: idxd: fix memory leak in error...
CVE-2026-43329
A flaw was found in the Netfilter flowtable component of the Linux kernel. This vulnerability occurs because the system does not strictly check the maximum number of hardware offload actions for IPv6, allowing it to process more actions than supported. This could potentially lead to system...
SUSE CVE-2026-43329
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4 payload actions, 2 for each ethernet address SNAT 4 payload actions DNAT ...
EUVD-2026-28613
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4 payload actions, 2 for each ethernet address SNAT 4 payload actions DNAT ...
CVE-2026-43329
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4 payload actions, 2 for each ethernet address SNAT 4 payload actions DNAT ...
CVE-2026-43329
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4 payload actions, 2 for each ethernet address SNAT 4 payload actions DNAT ...
UBUNTU-CVE-2026-43329
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4 payload actions, 2 for each ethernet address SNAT 4 payload actions DNAT ...
CVE-2026-43329 netfilter: flowtable: strictly check for maximum number of actions
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4 payload actions, 2 for each ethernet address SNAT 4 payload actions DNAT ...
CVE-2026-43329
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4 payload actions, 2 for each ethernet address SNAT 4 payload actions DNAT ...
CVE-2026-43329
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4 payload actions, 2 for each ethernet address SNAT 4 payload actions DNAT ...
CVE-2026-43329
CVE-2026-43329 concerns the Linux kernel netfilter flowtable where the maximum number of hardware offload actions for IPv6 was exceeded (17 used vs 16 allowed). The fixes update flow_action_entry_next() to enforce the limit and raise the per-flow action cap from 16 to 24, enabling IPv6 setups to ...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an insufficiently strict check on the number of hardware in the netfilter flowtable. This issue may...