CVE-2026-46120

A flaw was found in the Linux kernel's ip6gre module. An unprivileged user could exploit this vulnerability by migrating a network device, causing the ip6erspanchangelink function to incorrectly handle network namespace references. This error leads to a use-after-free condition when the original...

CVE-2026-46120 ip6_gre: Use cached t->net in ip6erspan_changelink().

In the Linux kernel, the following vulnerability has been resolved: ip6gre: Use cached t-net in ip6erspanchangelink. After commit 5e72ce3e3980 "net: ipv6: Use link netns in newlink of rtnllinkops", ip6erspannewlink correctly resolves the per-netns ip6gre hash via linknet. ip6erspanchangelink was...

CVE-2026-46120

In the Linux kernel, the following vulnerability has been resolved: ip6gre: Use cached t-net in ip6erspanchangelink. After commit 5e72ce3e3980 "net: ipv6: Use link netns in newlink of rtnllinkops", ip6erspannewlink correctly resolves the per-netns ip6gre hash via linknet. ip6erspanchangelink was...

CVE-2026-9054

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: Ensure a sane device mtu in tunnels. Another syzbot report 1 indicates a bug in the ip6gre tunnel dev:ip6gretap0. Since the ipv6 mcast code ensures that dev-mtu is read once and a sanity check is performed on it see comm...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: iptunnel: ensure that the inner header is pulled in iptunnelrcv The same fixes were applied in the following issues: 8d975c15c0cd “ip6tunnel: ensure that the inner header is pulled in ip6tnlrcv” 1ca1ba465e55 “geneve: ensu...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: esp: Fixed improper handling of pages from pagepool. When the skb is reorganized during espoutput !esp-inline, the pages originating from the original skb fragments are supposed to be released back to the system through...

CVE-2026-43456 bonding: fix type confusion in bond_setup_by_slave()

In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bondsetupbyslave kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP: 0010:pskbexpandhead+0xa08/0xfe0 net/core/skbuff.c:2306 RSP: 0018:ffffc90004aff760 EFLAGS:...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ip6gre: make ip6greheader robust Over the years, syzbot found many ways to crash the kernel in ip6greheader 1. This involves team or bonding drivers ability to dynamically change their dev-neededheadroom and/or dev-hardheaderlen ...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: gso: IPv6 TSO with extensions is prohibited on devices that only have IPV6CSUM. When performing Generic Segmentation Offload GSO on an IPv6 packet that contains extension headers, the kernel incorrectly requests checksum...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize optionslen before referencing options. The struct iptunnelinfo has a flexible array member named options that is protected by a countedbyoptionslen attribute. The compiler will use this information to enforce...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013565)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013565 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: ensure sane device mtu in tunnels Another syzbot report 1 with no reproducer hints at a bug...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013197)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013197 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: ensure sane device mtu in tunnels Another syzbot report 1 with no reproducer hints at a bug...

EUVD-2026-13612

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels...

CVE-2026-23276

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels...

UBUNTU-CVE-2026-23276

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels...

CVE-2026-23276 net: add xmit recursion limit to tunnel xmit functions

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels...

Linux Distros Unpatched Vulnerability : CVE-2026-23276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in...

Linux Distros Unpatched Vulnerability : CVE-2026-23277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: teql: fix NULL pointer dereference in iptunnelxmit on TEQL slave xmit teqlmasterxmit calls netdevstartxmitskb, slave to transmit through slave device...

SUSE CVE-2026-23011

In the Linux kernel, the following vulnerability has been resolved: ipv4: ipgre: make ipgreheader robust Analog to commit db5b4e39c4e6 "ip6gre: make ip6greheader robust" Over the years, syzbot found many ways to crash the kernel in ipgreheader 1. This involves team or bonding drivers ability to...