CVE-2026-45845

net/sched: taprio: fix NULL pointer dereference in class dump...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a signedness bug in smbdirectpreparenegotiation. The function smbdirectpreparenegotiation casts a unsigned u32 value from sp-maxrecvsize and req-preferredsendsize into a signed int before calculating mintint, .......

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in genevefinddev. syzkaller reported a use-after-free in genevefinddev 0 without repro. geneveconfigure links struct genevedev.next to netgenericnet, genevenetid-genevelist. The net here could differ fr...

EUVD-2026-25651

In the Linux kernel, the following vulnerability has been resolved: net: sched: actcsum: validate nested VLAN headers tcfcsumact walks nested VLAN headers directly from skb-data when an skb still carries in-payload VLAN tags. The current code reads vlan-hvlanencapsulatedproto and then pulls...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-013412)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013412 advisory. In the Linux kernel, the following vulnerability has been resolved: i40e: add validation for ringlen param The ringlen parameter provided by the virtual function VF ...

Linux Distros Unpatched Vulnerability : CVE-2026-23340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: sched: avoid qdiscresetalltxgt vs dequeue race for lockless qdiscs When shrinking the number of real tx queues, netifsetrealnumtxqueues calls...

kernel: net: atlantic: fix fragment overflow handling in RX path

An out-of-bounds write vulnerability was found in the Aquantia Atlantic network driver in the Linux kernel. When receiving packets that span more than MAXSKBFRAGS 17 fragments, the driver writes beyond the skb fragment array bounds in skbaddrxfrag, causing kernel memory corruption and panic...

kernel: net: use dst_dev_rcu() in sk_setup_caps()

In the Linux kernel, the following vulnerability has been resolved: net: use dstdevrcu in sksetupcaps Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. Also use dstdevrcu in ip6dstmtumaybeforward, and ipdstmtumaybeforward. ip4dsthoplimit can use dstdevnetrcu...

CVE-2025-71182 can: j1939: make j1939_session_activate() fail if device is no longer registered

In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939sessionactivate fail if device is no longer registered syzbot is still reporting unregisternetdevice: waiting for vcan0 to become free. Usage count = 2 even after commit 93a27b5891b8 "can: j1939: add missing...

CVE-2025-71152 net: dsa: properly keep track of conduit reference

In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling of the conduit net device and its kobject which, sadly, is just wrong and doesn't make sense...

CVE-2025-71066

Summary of CVE-2025-71066 (Linux kernel, net/sched ETS): A race condition between ets_qdisc_dequeue and ets_qdisc_change can cause use-after-free on a Qdisc object. The underlying issue is that some classes with qdiscs set to NULL remain in the active list, allowing a concurrent dequeue to access...

CVE-2022-50780 net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed

In the Linux kernel, the following vulnerability has been resolved: net: fix UAF issue in nfqnlnfhookdrop when opsinit failed When the opsinit interface is invoked to initialize the net, but ops-init fails, data is released. However, the ptr pointer in net-gen is invalid. In this case, when...

CVE-2025-68379 RDMA/rxe: Fix null deref on srq->rq.queue after resize failure

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix null deref on srq-rq.queue after resize failure A NULL pointer dereference can occur in rxesrqchkattr when ibvmodifysrq is invoked twice in succession under certain error conditions. The first call may fail in...

EUVD-2023-60171

In the Linux kernel, the following vulnerability has been resolved: kcm: Fix error handling for SOCKDGRAM in kcmsendmsg. syzkaller found a memory leak in kcmsendmsg, and commit c821a88bd720 "kcm: Fix memory leak in error path of kcmsendmsg" suppressed it by updating kcmtxmsghead-lastskb if partia...

Linux Distros Unpatched Vulnerability : CVE-2025-40280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tipc: Fix use-after-free in tipcmonreinitself. syzbot reported use-after-free of tipcnetnet-monitors in tipcmonreinitself. 0 The array is protected by RTNL, but...

smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().

...

CVE-2025-40168

In the Linux kernel, the following vulnerability has been resolved: smc: Use skdstget and dstdevrcu in smcclcprfxmatch. smcclcprfxmatch is called from smclistenwork and not under RCU nor RTNL. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the returned value o...

kernel: net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add

A race condition was found in the SMC networking subsystem. Iterating over the link group list in smcrportadd without holding the lock can cause crashes when concurrent add/remove operations modify the list...

kernel: afs: Fix lock recursion

In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afswakeupasynccall can incur lock recursion. The problem is that it is called from AFRXRPC whilst holding the -notifylock, but it tries to take a ref on the afscall struct in order to pass it to a work que...

net: annotate races around sk->sk_bound_dev_if

...