kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ip6tunnel: Fixed the handling of NEXTHDRFRAGMENT in ip6tnlparsetlvenclim. syzbot pointed out that the handling of NEXTHDRFRAGMENT is incorrect. Reading fragoff can only be done if enough bytes are pulled into skb-head...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerabilities have been resolved: ip6tunnel: Ensure that the inner header is pulled in ip6tnlrcv. syzbot found that ip6tnlrcv could access unitized data 1. Call pskbinetmaypull to fix this, and initialize the ipv6h variable after this call, as it can change...

Linux Distros Unpatched Vulnerability : CVE-2026-43037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 recei...

UBUNTU-CVE-2026-23003

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: use skbvlaninetprepare in ip6tnlrcv Blamed commit did not take care of VLAN encapsulations as spotted by syzbot 1. Use skbvlaninetprepare instead of pskbinetmaypull. 1 BUG: KMSAN: uninit-value in INETECNdecapsulate...

CVE-2026-23003 ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: use skbvlaninetprepare in ip6tnlrcv Blamed commit did not take care of VLAN encapsulations as spotted by syzbot 1. Use skbvlaninetprepare instead of pskbinetmaypull. 1 BUG: KMSAN: uninit-value in INETECNdecapsulate...

Linux Distros Unpatched Vulnerability : CVE-2026-23003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ip6tunnel: use skbvlaninetprepare in ip6tnlrcv Blamed commit did not take care of VLAN encapsulations as spotted by syzbot 1. Use skbvlaninetprepare instead of...

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2024-2369)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : kernel:ACPI: CPPC: Use accesswidth over bitwidth for system memory accessesCVE-2024-35995 kernel: block: fix overflow in...

CVE-2024-26857

CVE-2024-26857 affects the Linux kernel, specifically the Geneve tunnel path. The issue stems from not safely handling skb/header state during inner header pull in geneve_rx(), risking uninitialized usage of headers after pskb_inet_may_pull(). The root cause is tied to how skb->network_header ...

SUSE CVE-2024-26641

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...

CVE-2024-26633

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: fix NEXTHDRFRAGMENT handling in ip6tnlparsetlvenclim syzbot pointed out 1 that NEXTHDRFRAGMENT handling is broken. Reading fragoff can only be done if we pulled enough bytes to skb-head. Currently we might access...

CVE-2024-26641

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...

DEBIAN-CVE-2024-26641

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...

CVE-2024-26633

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: fix NEXTHDRFRAGMENT handling in ip6tnlparsetlvenclim syzbot pointed out 1 that NEXTHDRFRAGMENT handling is broken. Reading fragoff can only be done if we pulled enough bytes to skb-head. Currently we might access...

DEBIAN-CVE-2024-26633

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: fix NEXTHDRFRAGMENT handling in ip6tnlparsetlvenclim syzbot pointed out 1 that NEXTHDRFRAGMENT handling is broken. Reading fragoff can only be done if we pulled enough bytes to skb-head. Currently we might access...

CVE-2024-26641

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...

CVE-2024-26633

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: fix NEXTHDRFRAGMENT handling in ip6tnlparsetlvenclim syzbot pointed out 1 that NEXTHDRFRAGMENT handling is broken. Reading fragoff can only be done if we pulled enough bytes to skb-head. Currently we might access...

CVE-2024-26641 ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...