231 matches found
kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...
kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
A flaw was found in the Linux kernel. A local attacker can exploit an out-of-bounds write vulnerability when the kernel recomputes an IPv6 Source Routing Header SRH. This issue occurs because insufficient headroom is reserved during the recompression process, leading to memory corruption...
CVE-2026-53228
In the Linux kernel, the following vulnerability has been resolved: ipv6: sit: reload inner IPv6 header after GSO offloads ipip6tunnelxmit caches the inner IPv6 header pointer at function entry and continues using it after iptunnelhandleoffloads. For GSO skbs, iptunnelhandleoffloads calls...
CVE-2026-53217
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dmaaddr + MVPP2SKBHEADROOM. The current CPU sync starts at dmaaddr and only covers rxbytes +...
UBUNTU-CVE-2026-53217
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dmaaddr + MVPP2SKBHEADROOM. The current CPU sync starts at dmaaddr and only covers rxbytes +...
CVE-2026-53217
The CVE-2026-53217 issue affects the Linux kernel MVPP2 driver: RX data was synchronized at the hardware packet offset, leaving end-of-frame data possibly stale on non‑coherent DMA. Root cause is incorrect DMA sync range (starting at dma_addr and not covering the actual written packet tail). The ...
EUVD-2026-39308
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dmaaddr + MVPP2SKBHEADROOM. The current CPU sync starts at dmaaddr and only covers rxbytes +...
CVE-2026-53217 net: mvpp2: sync RX data at the hardware packet offset
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dmaaddr + MVPP2SKBHEADROOM. The current CPU sync starts at dmaaddr and only covers rxbytes +...
PT-2026-52312
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mvpp2 driver where the CPU synchronization for received data is incorrectly aligned. The driver programs the RX queue packet offset such that hardware writes data ...
CVE-2026-53014
In the Linux kernel, the following vulnerability has been resolved: net/sched: actmirred: fix wrong device for macheaderxmit check in tcfblockcastredir In tcfblockcastredir, when iterating block ports to redirect packets to multiple devices, the macheaderxmit flag is queried from the wrong device...
CVE-2026-53111
In the Linux kernel, CVE-2026-53111 is a concrete issue in the BPF LWT encap path. The bug occurs in bpf_lwt_xmit_push_encap when skb_dst(skb)->dev is used to compute headroom, but skb->_skb_refdst may be uninitialized during bpf_prog_test_run_skb, causing a NULL pointer dereference and a k...
CVE-2026-53111 bpf: test_run: Fix the null pointer dereference issue in bpf_lwt_xmit_push_encap
In the Linux kernel, the following vulnerability has been resolved: bpf: testrun: Fix the null pointer dereference issue in bpflwtxmitpushencap The bpflwtxmitpushencap helper needs to access skbdstskb-dev to calculate the needed headroom: err = skbcowheadskb, len + LLRESERVEDSPACEskbdstskb-dev; B...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ipv6: A BUG in pskbexpandhead, as part of calipsoskbuffsetattr. There exists a kernel oops caused by a BUGONnhead INTMAX i.e., intskbheadroomskb + lendelta skbheadroomskb is meant to ensure that delta = headroom - skbheadroomskb ...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ipv4: ipgre: made ipgreheader more robust. A corresponding commit db5b4e39c4e6 has been made for “ip6gre: made ip6greheader more robust.” Over the years, syzbot has identified many ways in which the kernel can crash due to issues...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Wifi: wlcore – Ensure skbheadroom before calling skbpush. This fix prevents occasional skbunderpanic errors in wl1271txwork. In this case, the allocated headroom is less than necessary typically 110 – 94 = 16 bytes...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ip6gre: made ip6greheader more robust. Over the years, syzbot has identified many ways in which the kernel can crash due to issues related to ip6greheader. This involves the ability of team or bonding drivers to dynamically chang...
PT-2026-52005
Name of the Vulnerable Software and Affected Versions Linux kernel version 6.19.0-rc5 Description A null pointer dereference issue exists in the bpf lwt xmit push encap helper. The issue occurs because the skb- skb refdst variable may not be initialized when the socket buffer skb is set up by the...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ipv6: rpl: Reserve enough headroom for the MAC header when recompressing the SRH. The function ipv6rplsrhrcv decompresses the RFC 6554 Source Routing Header, swaps the next segment into ipv6hdr-daddr, recompresses it, and then...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount CVE-2026-23216 kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel:...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables bsc1261700. CVE-2026-31473: media: mc, v4l2: serialize REINIT and REQBUFS with reqqueuemutex...