237 matches found
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teqlmasterxmit CVE-2026-23449 In the Linux kernel, the following vulnerability has been resolved: ext4: validate pidx bounds in ext4extcorrectindexes CVE-2026-31449 In the Linux...
Linux Distros Unpatched Vulnerability : CVE-2026-53270
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipvs: clear the svc scheduler ptr early on edit ipvseditservice while unbinding the old scheduler clears the svc-scheduler ptr after the scheduler module...
CVE-2026-53270
In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ipvseditservice while unbinding the old scheduler clears the svc-scheduler ptr after the scheduler module initiates RCU callbacks. This can cause packets to use the old scheduler at...
CVE-2026-53270
The CVE-2026-53270 issue affects the Linux kernel IP Virtual Server (IPVS). During ip_vs_edit_service(), unbinding the old scheduler did not clear the svc->scheduler pointer early enough, so packets could reference freed sched_data after the RCU grace period. The documented fix clears the poin...
CVE-2026-53270
In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ipvseditservice while unbinding the old scheduler clears the svc-scheduler ptr after the scheduler module initiates RCU callbacks. This can cause packets to use the old scheduler at...
CVE-2026-53270 ipvs: clear the svc scheduler ptr early on edit
In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ipvseditservice while unbinding the old scheduler clears the svc-scheduler ptr after the scheduler module initiates RCU callbacks. This can cause packets to use the old scheduler at...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ipvs: fixed the NULL pointer dereference in the route error path of ipv4 null-ptr-deref. The IPv4 code path in ipvsgetoutrt calls dstlinkfailure, without ensuring that skb-dev is set. This leads to a NULL pointer dereference in...
SUSE CVE-2026-45850
In the Linux kernel, the following vulnerability has been resolved: ipvs: skip ipv6 extension headers for csum checks Protocol checksum validation fails for IPv6 if there are extension headers before the protocol header. iph-len already contains its offset, so use it to fix the problem...
CVE-2026-45917
In the Linux kernel, the following vulnerability has been resolved: ipvs: do not keep destdst if dev is going down There is race between the netdev notifier ipvsdstevent and the code that caches dst with dev that is going down. As the FIB can be notified for the closed device after our handler...
CVE-2026-45917
In the Linux kernel, the following vulnerability has been resolved: ipvs: do not keep destdst if dev is going down There is race between the netdev notifier ipvsdstevent and the code that caches dst with dev that is going down. As the FIB can be notified for the closed device after our handler...
CVE-2026-45917
The CVE-2026-45917 issue affects the Linux kernel IP Virtual Server (IPVS) component, where a race between the netdev notifier and the destination cache for a closing device could leak a device reference until the destination is removed. Root cause: the code caches dest_dst with a device that is ...
CVE-2026-45850
CVE-2026-45850 pertains to the Linux kernel vulnerability where protocol checksum validation for IPv6 could fail if there are extension headers before the IPv6 header. The confirmed fix uses iph->len as the offset to skip extension headers when performing checksum validation. Technical details...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ipvs module failing to skip the extended header when calculating the IPv6 checksum. This coul...
PT-2026-43717
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Protocol checksum validation fails for IPv6 when extension headers are present before the protocol header. The issue occurs because the system does not correctly skip these extension...
Linux Distros Unpatched Vulnerability : CVE-2026-45917
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipvs: do not keep destdst if dev is going down There is race between the netdev notifier ipvsdstevent and the code that caches dst with dev that is going down. ...
PT-2026-43784
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between the netdev notifier ip vs dst event and the code responsible for caching the destination dst when a device is going down. Because the Forwarding Informati...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipvs: fixed an undefined behavior due to uninitialized stack access in ipvsprotocolinit Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: ipvs: fixed an error in ipvscleanupbatch. During the initialization of ipvsconnnetinit, if the files ipvsconn or ipvsconnsync fail to be created, the initialization is successful by default. Therefore, the ipvsconn or...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix race on port output CVE-2023-53188 In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ipvsaddservice CVE-2024-42322 In the Linux kernel, the...
CVE-2026-43086 ipvs: fix NULL deref in ip_vs_add_service error path
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix NULL deref in ipvsaddservice error path When ipvsbindscheduler succeeds in ipvsaddservice, the local variable sched is set to NULL. If ipvsstartestimator subsequently fails, the outerr cleanup calls...