Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: hns3 – fixed the kernel crash issue in concurrent scenarios. When the link status changes, the nic driver needs to notify the roce driver to handle this event. However, at this time, the roce driver may uninit, which could...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: The function devmaddactionorreset is actually used. The function pciallocirqvectors allocates an interrupt vector. When devmaddaction fails, the interrupt vector is not freed, resulting in a memory leak...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fixed an oops error when unloading drivers that are parallel to each other. When the hclge driver is unloaded, it attempts to disable sriov first for each aedev node from hnae3aedevlist. If the hns3 driver is unloaded ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: hns3 – added validation of the VLAN ID before using it. Currently, the VLAN ID can be used without validation when receiving a VLAN configuration mailbox from VF. The length of vlansdelfailbmap is BITSTOLONGSVLANNVID. This m...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: skbuff: fixed the coalescing behavior for pagepool fragment recycling. Fixed a use-after-free issue when using pagepool with page fragments. We encountered this problem during normal RX processing in the hns3 driver: 1 Initially,...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Networks: hns3 – The use of numtqps in the vf driver to allocate resources. Currently, hdev-htqp is allocated using hdev-numtqps, and kinfo-tqp is allocated using kinfo-numtqps. However, kinfo-numtqps is set to minnewtqps,...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: hns3 – Added a vlan list lock to protect the vlan list. When adding a port-based VLAN, the vf VLAN needs to be removed from the hardware, and the vlan state in the vf VLAN list must be set to “false”. If the periodic task...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: hns3 – A buffer overflow vulnerability may occur when reading coalesce info via debugfs. The hns3 driver defines an array of strings to store coalesce info. However, if the kernel introduces a new mode or state, a buffer...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: hns3: fixed a kernel crash that occurred when uninstalling the driver. When the driver is uninstalled and the VFs are disabled concurrently, a kernel crash occurs. The reason is that both actions call the function...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Net: hns3 – Fixed a deadlock issue when configuring TC during the reset process. When configuring TC during the reset process, a deadlock may occur. The sequence is as follows: 1. pf reset start 2. setup tc 3. down: napidisable 4...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: hns3 – fixed a use-after-free bug in hclgevfsendmbxmsg. Currently, the hns3remove function first uninstalls the client instance, and then uninstalls the deletion engine device. The netdevice is freed during the client instan...

SUSE CVE-2026-45891

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

CVE-2026-45891

A flaw was found in the Linux kernel's hns3 network driver. This double-free vulnerability occurs due to incorrect handling of the txspare buffer during ring parameter setup. If memory allocation fails in the error cleanup path, a stale pointer to backup memory is erroneously freed twice. This ca...

EUVD-2026-32357

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

CVE-2026-45891

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

UBUNTU-CVE-2026-45891

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

CVE-2026-45891 net: hns3: fix double free issue for tx spare buffer

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

CVE-2026-45891

CVE-2026-45891: Linux kernel hns3 driver double-free vulnerability. Root cause: in hns3_set_ringparam(), a temporary copy (tmp_rings) is used for rollback, but the tx_spare pointer in the original ring isn’t cleared after backup, leading to a stale non-NULL tx_spare. If allocation fails during hn...

CVE-2026-45891

net: hns3: fix double free issue for tx spare buffer...

PT-2026-43758

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free issue exists in the hns3 network driver. In the hns3 set ringparam function, a temporary copy tmp rings of the ring structure is created for rollback purposes, but the tx...