Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ipv4: iptunnel: A suspicious RCU usage warning was fixed in iptunnelinitflow. There are code paths where the function is called without holding the RCU read lock, resulting in a suspicious RCU usage warning 1. This issue was fixe...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: iptunnel: prevents perpetual headroom growth The issue was triggered after the kasan function: BUG: KASAN: use-after-free in skbflowdissect+0x19d1/0x7a50 net/core/flowdissector.c:1170 A size 1 read was performed at addres...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ipv4: iptunnel: Fixed a suspicious RCU usage warning in iptunnelfind The per-netns IP tunnel hash table is protected by the RTNL mutex, and iptunnelfind is only called from the control path where the mutex is acquired. A lockdep...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iptunnel: Adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS. The commits that caused this issue overlooked the fact that vxlan/geneve uses udptunnel6xmitskb, which calls iptunnelxmitstats. iptunnelxmitstats assumed that tunnels onl...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize optionslen before referencing options. The struct iptunnelinfo has a flexible array member named options that is protected by a countedbyoptionslen attribute. The compiler will use this information to enforce...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Move representor neigh cleanup to profile cleanuptx For IP tunnel encapsulation in ECMP Equal-Cost Multipath mode, as the flow is duplicated to the peer eswitch, the related neighbour information on the peer uplink...

CVE-2026-43037

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007567)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007567 advisory. In the Linux kernel, the following vulnerability has been resolved: net: iptunnel: make sure to pull inner header in iptunnelrcv Apply the same fix than ones found i...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007245)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007245 advisory. In the Linux kernel, the following vulnerability has been resolved: net: iptunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG:...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007231)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007231 advisory. In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access...

CVE-2026-23459 ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS

In the Linux kernel, the following vulnerability has been resolved: iptunnel: adapt iptunnelxmitstats to NETDEVPCPUSTATDSTATS Blamed commits forgot that vxlan/geneve use udptunnel6xmitskb which call iptunnelxmitstats. iptunnelxmitstats was assuming tunnels were only using NETDEVPCPUSTATTSTATS...

SUSE CVE-2026-23277

In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnelxmit on TEQL slave xmit teqlmasterxmit calls netdevstartxmitskb, slave to transmit through slave devices, but does not update skb-dev to the slave device beforehand. When a...

EUVD-2026-13613

In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnelxmit on TEQL slave xmit teqlmasterxmit calls netdevstartxmitskb, slave to transmit through slave devices, but does not update skb-dev to the slave device beforehand. When a...

EUVD-2026-13612

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels...

CVE-2026-23276

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels...

UBUNTU-CVE-2026-23276

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions iptunnelxmit, ip6tunnelxmit lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels...

CVE-2026-23277

CVE-2026-23277 (TEQL NULL pointer dereference in iptunnel_xmit) is fixed in Linux kernel TEQL transmit path. When a GRE Gretap tunnel is TEQL slave, teql_master_xmit() transmits via netdev_start_xmit() without updating skb->dev to the slave. iptunnel_xmit then uses the original dev from skb-&g...

CVE-2026-23277

In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnelxmit on TEQL slave xmit teqlmasterxmit calls netdevstartxmitskb, slave to transmit through slave devices, but does not update skb-dev to the slave device beforehand. When a...

CVE-2026-23277

In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnelxmit on TEQL slave xmit teqlmasterxmit calls netdevstartxmitskb, slave to transmit through slave devices, but does not update skb-dev to the slave device beforehand. When a...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: iptunnel: prevent perpetual headroom growth CVE-2024-26804 In the Linux kernel, the following vulnerability has been resolved: pps: fix warning in ppsregistercdev when register device fail CVE-2025-40070 In t...