16 matches found
CVE-2026-53240
The CVE-2026-53240 issue affects the Linux kernel xfrm/iptfs path where __input_process_payload() stores first_skb into ra_newskb and later reads it after unlocking, allowing a race with iptfs_reassem_cont() to free the skb and trigger a use-after-free. The patch replaces the unlocked read with a...
EUVD-2026-39191
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix use-after-free on firstskb in inputprocesspayload inputprocesspayload stores firstskb into xtfs-ranewskb under droplock when starting partial reassembly, then unlocks and breaks out of the processing loop. The...
EUVD-2026-39288
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix ABBA deadlock in iptfsdestroystate iptfsdestroystate calls hrtimercancel while holding a spinlock that the timer callback also acquires, leading to an ABBA deadlock on SMP systems. For the output timer iptfstimer...
CVE-2026-53197
The CVE-2026-53197 entry documents a Linux kernel ABBA deadlock in xfrm/iptfs due to iptfs_destroy_state() calling hrtimer_cancel() while holding locks that the timer callbacks also acquire. The fix implemented is to call hrtimer_cancel() before acquiring either the output timer lock (x->lock)...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publishes modedata after clone setup The iptfsclonestate function stores x-modedata before allocating the reorder window. If this allocation fails, the cloned state is freed, and -ENOMEM is returned, leaving...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skbput panic on non-linear skb during reassembly In iptfsreassemcont, IP-TFS attempts to append data to the new inner packet ‘newskb’ that is being reassembled. First, a zero-copy approach is tried; if it succeed...
Linux Distros Unpatched Vulnerability : CVE-2026-31517
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfrm: iptfs: fix skbput panic on non-linear skb during reassembly In iptfsreassemcont, IP-TFS attempts to append data to the new inner packet 'newskb' that is...
Linux Distros Unpatched Vulnerability : CVE-2026-31471
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfrm: iptfs: only publish modedata after clone setup iptfsclonestate stores x-modedata before allocating the reorder window. If that allocation fails, the code...
Linux Distros Unpatched Vulnerability : CVE-2026-31472
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xfrm: iptfs: validate inner IPv4 header length in IPTFS payload Add validation of the inner IPv4 packet totlen and ihl fields parsed from decrypted IPTFS payloa...
SUSE CVE-2026-31517
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skbput panic on non-linear skb during reassembly In iptfsreassemcont, IP-TFS attempts to append data to the new inner packet 'newskb' that is being reassembled. First a zero-copy approach is tried if it succeeds...
CVE-2026-31472
A flaw was found in the Linux kernel, specifically within the xfrm and iptfs components. A remote attacker could exploit this vulnerability by sending a specially crafted Encapsulating Security Payload ESP packet. This packet, containing an inner IPv4 header with a total length totlen of zero or...
EUVD-2026-24821
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish modedata after clone setup iptfsclonestate stores x-modedata before allocating the reorder window. If that allocation fails, the code frees the cloned state and returns -ENOMEM, leaving x-modedata pointi...
CVE-2026-31517 xfrm: iptfs: fix skb_put() panic on non-linear skb during reassembly
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skbput panic on non-linear skb during reassembly In iptfsreassemcont, IP-TFS attempts to append data to the new inner packet 'newskb' that is being reassembled. First a zero-copy approach is tried if it succeeds...
PT-2026-34422
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skb put panic on non-linear skb during reassembly In iptfs reassem cont, IP-TFS attempts to append data to the new inner packet 'newskb' that is being reassembled. First a zero-copy approach is tried if it succee...
PT-2026-34377
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4 header length in IPTFS payload Add validation of the inner IPv4 packet tot len and ihl fields parsed from decrypted IPTFS payloads in input process payload. A crafted ESP packet containing an inne...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from iptfs’ call to skbput during the recombination process for non-linear skb objects, potentially...