Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: fixed an integer overflow issue related to the geneveopt structure. The struct geneveopt uses 5 bits for each individual option. This means that each option’s size should be less than 128 bytes. However, current Netlink...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Tunnels: Do not assume that the mac header is set in skbtunnelcheckpmtu. The recently added debug in commit f9aefd6b2aa3 “net: warn if mac header was not set” identified a bug in skbtunnelcheckpmtu, as shown in this syzbot report...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: udp: Do not accept non-tunnel GSO packets that land in a tunnel. When rx-udp-gro-forwarding is enabled, UDP packets may be forwarded in a way that causes them to land in a tunnel. This can lead to various issues. udpgroreceive...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: geneve: Fixed header validation in geneve6xmitskb syzbot is able to trigger an uninit-value in genevexmit 1 Problem: While most IP tunnel helpers such as iptunnelgetdsfield use skbprotocolskb, true, pskbinetmaypull only uses...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

An issue was discovered in flsetgeneveopt in net/sched/clsflower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCAFLOWERKEYENCOPTSGENEVE packets. This may result in denial of service or privilege escalation...

Astra Linux - уязвимость в openvswitch

A flaw was discovered in Open vSwitch, where multiple versions are vulnerable to crafted Geneve packets, which may lead to a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner header in geneverx syzbot triggered a bug in geneverx 1 Issue is similar to the one I fixed in commit 8d975c15c0cd "ip6tunnel: make sure to pull inner header in ip6tnlrcv" We have to save...

Astra Linux - уязвимость в linux

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iptunnel: Adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS. The commits that caused this issue overlooked the fact that vxlan/geneve uses udptunnel6xmitskb, which calls iptunnelxmitstats. iptunnelxmitstats assumed that tunnels onl...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: geneve: do not assume mac header is set in genevexmitskb We should not assume mac header is set in output path. Use skbethhdr instead of ethhdr to fix the issue. sysbot reported the following : WARNING: CPU: 0 PID: 11635 at...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix geneveopt type confusion addition When handling multiple NFTATUNNELKEYOPTSGENEVE attributes, the parsing logic should place every geneveopt structure one by one compactly. Hence, when deciding the next...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in genevefinddev. syzkaller reported a use-after-free in genevefinddev 0 without repro. geneveconfigure links struct genevedev.next to netgenericnet, genevenetid-genevelist. The net here could differ fr...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007273)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007273 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix geneveopt length integer overflow struct geneveopt uses 5 bit length for each single...

Linux Distros Unpatched Vulnerability : CVE-2026-23459

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats...

SUSE CVE-2026-23459

In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...

EUVD-2026-18718

In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...

CVE-2026-23459

In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...

UBUNTU-CVE-2026-23459

In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...

CVE-2026-23459 ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS

In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...

CVE-2026-23459

The CVE-2026-23459 issue affects the Linux kernel IP tunnel code, specifically iptunnel_xmit_stats(). The bug arose because the function assumed tunnels used NETDEV_PCPU_STAT_TSTATS, while vxlan/geneve tunnels call udp_tunnel[6]_xmit_skb() and read NETDEV_PCPU_STAT_DSTATS, creating potential data...