CVE-2026-53228

The CVE-2026-53228 entry documents a vulnerability in the Linux kernel SIT IPv6 tunnel driver. When GSO offloads are used, the code may keep a stale pointer to the inner IPv6 header after skb header unclone and potential headroom reallocation, leading to reads from freed memory. A fix reloads the...

EUVD-2026-39319

In the Linux kernel, the following vulnerability has been resolved: ipv6: sit: reload inner IPv6 header after GSO offloads ipip6tunnelxmit caches the inner IPv6 header pointer at function entry and continues using it after iptunnelhandleoffloads. For GSO skbs, iptunnelhandleoffloads calls...

CVE-2026-53091 net: pull headers in qdisc_pkt_len_segs_init()

In the Linux kernel, the following vulnerability has been resolved: net: pull headers in qdiscpktlensegsinit Most ndostartxmit methods expects headers of gso packets to be already in skb-head. net/core/tso.c users are particularly at risk, because tsobuildhdr does a memcpyhdr, skb-data, hdrlen;...

CVE-2026-53091

The CVE-2026-53091 issue concerns the Linux kernel’s handling of GSO packet headers during qdisc_pkt_len_segs_init(). The root cause is that many ndo_start_xmit() paths assume headers are already in skb->head, while tso_build_hdr() may copy from skb->data, and qdisc_pkt_len_segs_init() diss...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use the correct macoffset to unwind gso skb in nshgsosegment. As shown in the call trace, the skbpanic error occurred due to an incorrect skb-macheader in nshgsoSegment. Invalid opcode: 0000 1 PREEMPT SMP KASAN PTI CPU:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-net: Zeroed unused hash fields When a GSO tunnel is negotiated, the virtionethdrtnlfromskb function attempts to initialize the tunnel metadata. However, it forgets to zero the unused rxhash fields. This could lead to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: UDP: Do not accept non-tunnel GSO packets that land in a tunnel. When rx-udp-gro-forwarding is enabled, UDP packets may be forwarded in a way that causes them to land in a tunnel. This can lead to various issues. udpgroreceive...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: prevented mss overflow in skbsegment Once again, syzbot is able to cause the kernel to crash in skbSegment. “GSOBYFRAGS” is a forbidden value, but unfortunately, the following calculation in skbSegment can easily result in...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: gso: Fixed the udp gso fraglist segmentation issue after pulling from fraglist. Detect invalid geometry conditions caused by corrupted geometry data see below, and pass these conditions to skbsegment instead of skbSegmentList...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: Rejected malicious packets in ipv6gsoSegment. syzbot was able to create a packet with very long IPv6 extension headers, leading to an overflow of skb-transportheader. This 16-bit field has a limited range. Add the...

Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netsched: The gsoskb list is also flushed during the -change operation. Previously, when reducing the limit of a qdisc using the -change operation, only the main skb queue was trimmed, potentially leaving packets in the gsoskb...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: gso: fix ownership in udpgsosegment In udpgsosegment, the skb destructor is removed before segmenting the skb, but the reference to the socket remains intact. This issue arises if the original skb becomes orphaned later, as ...

CVE-2026-45859

A flaw was found in the Linux kernel's netfilter nfnetlinkqueue component. This vulnerability occurs when an application does not set the FGSO capability flag and a Generic Segmentation Offload GSO packet with an unconfirmed netfilter connection nfconn entry is received. Due to an incorrect order...

CVE-2026-45929 ovpn: fix possible use-after-free in ovpn_net_xmit

In the Linux kernel, the following vulnerability has been resolved: ovpn: fix possible use-after-free in ovpnnetxmit When building the skblist in ovpnnetxmit, skbsharecheck will free the original skb if it is shared. The current implementation continues to use the stale skb pointer for subsequent...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021626)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021626 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix crash when config small gsomaxsize/gsoipv4maxsize Config a small...

SUSE CVE-2026-43194

In the Linux kernel, the following vulnerability has been resolved: net: consume xmit errors of GSO frames udpgrofrglist.sh and udpgrobench.sh are the flakiest tests currently in NIPA. They fail in the same exact way, TCP GRO test stalls occasionally and the test gets killed after 10min. These...

EUVD-2026-27755

In the Linux kernel, the following vulnerability has been resolved: net: consume xmit errors of GSO frames udpgrofrglist.sh and udpgrobench.sh are the flakiest tests currently in NIPA. They fail in the same exact way, TCP GRO test stalls occasionally and the test gets killed after 10min. These...

CVE-2026-43194

In the Linux kernel, the following vulnerability has been resolved: net: consume xmit errors of GSO frames udpgrofrglist.sh and udpgrobench.sh are the flakiest tests currently in NIPA. They fail in the same exact way, TCP GRO test stalls occasionally and the test gets killed after 10min. These...

CVE-2026-43194

In the Linux kernel, the following vulnerability has been resolved: net: consume xmit errors of GSO frames udpgrofrglist.sh and udpgrobench.sh are the flakiest tests currently in NIPA. They fail in the same exact way, TCP GRO test stalls occasionally and the test gets killed after 10min. These...

CVE-2026-43194 net: consume xmit errors of GSO frames

In the Linux kernel, the following vulnerability has been resolved: net: consume xmit errors of GSO frames udpgrofrglist.sh and udpgrobench.sh are the flakiest tests currently in NIPA. They fail in the same exact way, TCP GRO test stalls occasionally and the test gets killed after 10min. These...