Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, hsr: rejecting HSR frames if skb cannot hold the tag. Receiving an HSR frame with insufficient space to hold the HSR tag in the skb can result in a crash kernel BUG. 45.390915 skbuff: skbunderpanic:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: hsr: Fixed uninit-value access in fillframeinfo Syzbot reports the following uninit-value access problems. ===================================================== BUG: KMSAN: uninit-value in fillframeinfo net/hsr/hsrforward.c:60...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: hsr: It is necessary to hold the rcu lock and dev lock during the execution of hsrgetportndev. The hsrgetportndev function calls hsrforeachport, which requires holding the rcu lock. On the other hand, before returning the port...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Networking layer: hsr – Fixed potential use-after-free issues. The skb structure is passed to netifrx, which may free it. After this call, dereferencing the skb structure may lead to a use-after-free condition...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: hsr: Prevent use after free in prpcreatetaggedframe The prpfillrct function may fail. In that case, it frees the skb and returns NULL. On the successful path, however, it returns the original skb. Therefore, it is straightforward...

SUSE CVE-2025-39703

In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: hsr: Avoid possible NULL dereference in skbclone. syzbot encountered a crash 1 in skbclone, caused by a bug in hsrgetuntaggedframe. When createstrippedskbhsr returns NULL, we must not attempt to call skbclone. Additionall...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003605)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003605 advisory. In the Linux kernel before 5.0.3, a memory leak exits in hsrdevfinalize in net/hsr/hsrdevice.c if hsraddport fails to add a port, which may cause denial of service,...

SUSE CVE-2025-68776

In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer dereference in prpgetuntaggedframe prpgetuntaggedframe calls pskbcopy to create frame-skbstd but doesn't check if the allocation failed. If pskbcopy returns NULL, skbclone is called with a NULL pointer,...

CVE-2025-68776

A flaw was found in the Linux kernel's High-availability Seamless Redundancy HSR networking component. This vulnerability occurs due to a missing NULL pointer check in the prpgetuntaggedframe function. An attacker could exploit this by triggering a scenario where a memory allocation fails, leadin...

UBUNTU-CVE-2025-68776

In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer dereference in prpgetuntaggedframe prpgetuntaggedframe calls pskbcopy to create frame-skbstd but doesn't check if the allocation failed. If pskbcopy returns NULL, skbclone is called with a NULL pointer,...

CVE-2025-68776

In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer dereference in prpgetuntaggedframe prpgetuntaggedframe calls pskbcopy to create frame-skbstd but doesn't check if the allocation failed. If pskbcopy returns NULL, skbclone is called with a NULL pointer,...

CVE-2025-68776 net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()

In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer dereference in prpgetuntaggedframe prpgetuntaggedframe calls pskbcopy to create frame-skbstd but doesn't check if the allocation failed. If pskbcopy returns NULL, skbclone is called with a NULL pointer,...

CVE-2025-68776 net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()

In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer dereference in prpgetuntaggedframe prpgetuntaggedframe calls pskbcopy to create frame-skbstd but doesn't check if the allocation failed. If pskbcopy returns NULL, skbclone is called with a NULL pointer,...

CVE-2025-68776

In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer dereference in prpgetuntaggedframe prpgetuntaggedframe calls pskbcopy to create frame-skbstd but doesn't check if the allocation failed. If pskbcopy returns NULL, skbclone is called with a NULL pointer,...

Linux Distros Unpatched Vulnerability : CVE-2025-68776

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/hsr: fix NULL pointer dereference in prpgetuntaggedframe prpgetuntaggedframe calls pskbcopy to create frame-skbstd but doesn't check if the allocation faile...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000224)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000224 advisory. In the Linux kernel before 5.0.3, a memory leak exits in hsrdevfinalize in net/hsr/hsrdevice.c if hsraddport fails to add a port, which may cause denial of service,...

SUSE CVE-2022-50817

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skbclone syzbot got a crash 1 in skbclone, caused by a bug in hsrgetuntaggedframe. When/if createstrippedskbhsr returns NULL, we must not attempt to call skbclone. While we are at it, replac...

Linux Distros Unpatched Vulnerability : CVE-2022-50817

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: hsr: avoid possible NULL deref in skbclone syzbot got a crash 1 in skbclone, caused by a bug in hsrgetuntaggedframe. When/if createstrippedskbhsr returns...

EUVD-2022-55881

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skbclone syzbot got a crash 1 in skbclone, caused by a bug in hsrgetuntaggedframe. When/if createstrippedskbhsr returns NULL, we must not attempt to call skbclone. While we are at it, replac...