SUSE CVE-2026-46266

In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTORAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTORAW 255 was dangerous. socketAFINET, SOCKRAW, 255; A malicious incoming ICMP packet can set the...

PT-2026-46029

In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO RAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTO RAW 255 was dangerous. socketAF INET, SOCK RAW, 255; A malicious incoming ICMP packet can set...

ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

SUSE CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

UBUNTU-CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

CVE-2026-46037 ipv4: icmp: validate reply type before using icmp_pointers

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

CVE-2026-46037

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition in the reverse path handling during ICMP routing searches. This vulnerability ma...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: icmp6: Fixed the null-ptr-deref of ip6nullentry-rt6iidev in icmp6dev. With some IPv6 Ext Hdr RPL, SRv6, etc., we can send a packet that has the link-local address as src and dst IP, and it will be forwarded to an external IP in t...

EUVD-2026-29387

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

CVE-2026-1681 net: Stack Overflow with Ping (to own IP Address) via Shell

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

PT-2026-39942

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

PT-2026-37409

In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp build probe ipv6 stub-ipv6 dev find may return ERR PTR-EAFNOSUPPORT when the IPv6 stack is not active CONFIG IPV6=m and not loaded, and passing this error pointer to dev hold will cause a...

Linux Distros Unpatched Vulnerability : CVE-2026-43099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv4: icmp: fix null-ptr-deref in icmpbuildprobe ipv6stub-ipv6devfind may return ERRPTR-EAFNOSUPPORT when the IPv6 stack is not active CONFIGIPV6=m and not...

RHEL 8 : ovn23.06 (RHSA-2026:11695)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11695 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add...

ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

Important: Red Hat Security Advisory: ovn25.03 security update

An update for ovn25.03 is now available for Fast Datapath for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

ovn: ovn: Heap Over-Read in ICMP Error Response Generation - security issue

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...