Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed the inversion dependency warning when enabling IPsec tunnel. Attempts to enable IPsec packet offloading in tunnel mode in the debug kernel generate the following kernel panic, due to two issues: 1. In the SA a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fixed by using eswitch mapping in nic mode The cited patch uses the eswitch object mapping pool when in nic mode, where it is not initialized. This results in the trace below 0. The fix involves using either the ni...

CVE-2026-43467

A flaw was found in the Linux kernel's mlx5core driver. A local user or process can trigger a system crash by attempting to move a network device to switchdev mode when the device does not support IPsec. This occurs because the kernel incorrectly tries to clean up IPsec resources that do not exis...

EUVD-2026-28770

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag correct...

CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Fix a "scheduling while atomic" bug in mlx5eipsecinitmacs by replacing mlx5querymacaddress with etheraddrcopy to get the local MAC address directly from...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: macsec: Fixed a use-after-free issue during the sending of the offloading packet. KASAN reports the following UAF Use-after-Free issue: The metadatadst parameter, which is used to store the SCI value for macsec offloading, is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: nullify cq-dbg pointer in mlx5debugcqremove Prior to this patch in case mlx5coredestroycq failed it proceeds to rest of destroy operations. mlx5coredestroycq could be called again by user and cause additional call of...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix a race on command flush flow Fix a refcount use after free warning due to a race on command entry. Such race occurs when one of the commands releases its last refcount and frees its index and entry while another...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fixed the null-ptr-deref in addruleerrflow. In the error flow of mlx5tcctentryaddrule, if ctruleadd callback returns an error, zonerule-attr is used without initialization. This issue was fixed by using attr, which...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix handling of wrong devices during bond netevent Current implementation of bond netevent handler only check if the handled netdev is VF representor and it missing a check if the VF representor is on the same phys...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix bridge mode operations when there are no VFs Currently, trying to set the bridge mode attribute when numvfs=0 leads to a crash: bridge link set dev eth2 hwmode vepa 168.967392 BUG: kernel NULL pointer dereference,...

CVE-2026-23173

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, delete flows only for existing peers When deleting TC steering flows, iterate only over actual devcom peers instead of assuming all possible ports exist. This avoids touching non-existent peers and ensures cleanup ...

CVE-2026-23173

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, delete flows only for existing peers When deleting TC steering flows, iterate only over actual devcom peers instead of assuming all possible ports exist. This avoids touching non-existent peers and ensures cleanup ...

UBUNTU-CVE-2026-23173

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, delete flows only for existing peers When deleting TC steering flows, iterate only over actual devcom peers instead of assuming all possible ports exist. This avoids touching non-existent peers and ensures cleanup ...

CVE-2026-23173

CVE-2026-23173 affects the Linux kernel mlx5e driver (TC flow offload). The issue arises when deleting TC steering flows: the code previously iterated over all possible ports, potentially touching non-existent peers and risking a NULL pointer dereference. The fix ensures cleanup only occurs for d...

CVE-2026-23173

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, delete flows only for existing peers When deleting TC steering flows, iterate only over actual devcom peers instead of assuming all possible ports exist. This avoids touching non-existent peers and ensures cleanup ...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38109)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38109 advisory. - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix ECVF vports unload on...

CVE-2025-68779

A use-after-free vulnerability was found in the Mellanox mlx5 Ethernet driver in the Linux kernel. The PSP Platform Security Processor component is unregistered twice during device removal - once in mlx5eremove and again in mlx5eniccleanup. This double unregistration causes a refcount underflow,...

SUSE CVE-2025-68779

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering PSP twice PSP is unregistered twice in: mlx5eremove - mlx5epspunregister mlx5eniccleanup - mlx5epspunregister This leads to a refcount underflow in some conditions: ------------ cut here -----------...

CVE-2025-68779

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering PSP twice PSP is unregistered twice in: mlx5eremove - mlx5epspunregister mlx5eniccleanup - mlx5epspunregister This leads to a refcount underflow in some conditions: ------------ cut here -----------...