Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net:cpswnew: The ndosetrxmode callback is executed within a work queue. Commit 1767bb2d47b7 “ipv6: mcast: Do not hold RTNL for IPV6ADDMEMBERSHIP and MCASTJOINGROUP.” removed the RTNL lock for these operations. However, this chang...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mt76: mt7996 – Drop fragments with multicast or broadcast RA. IEEE 802.11 fragmentation can only be applied to unicast frames. Therefore, fragments are dropped during multicast or broadcast RA. This patch addresses...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: bridge: Fixed a soft lockup issue in brmulticastqueryexpired. When setting multicastqueryinterval to a large value, the local variable time in brmulticastsendquery may overflow. If the time is less than a few milliseconds, t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nfp: MC addresses are cleaned in the application firmware when the port is closed. When moving devices from one namespace to another, MC addresses are cleaned in software, but they are not removed from the application firmware. A...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: Wait for previous GC cycles when removing a port. The syzbot encountered a use-after-free issue1. This issue occurs because the bridge does not ensure that all previous garbage collection cycles are completed...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: Fixed an unsafe loop on the list. The kernel may crash when deleting a genetlink family if there are still listeners for that family: Oops: Kernel access to a corrupted area, sig: 11 1 … NIP c000000000c080bc...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fixed the issue of leaking the multicast GID table reference. If the CM ID is destroyed while the CM event for multicast creation is still queued, the cancelworksync function will prevent the work from running. This also...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places, such as commit b117e1e8a86d “net: dsa: delete dsalegacyfdbadd and dsalegacyfdbdel”, DSA is written under the assumption that higher layers perform...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabilit...

kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex instead of RTNL to protect the multicast route list, so that it will not change while the driver periodically traverse...

kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex instead of RTNL to protect the multicast route list, so that it will not change while the driver periodically traverse...

kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrummr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex instead of RTNL to protect the multicast route list, so that it will not change while the driver periodically traverse...

CVE-2026-10636

In Zephyr's IPv4 IGMP implementation, igmpsend in subsys/net/ip/igmp.c read the network interface back out of the packet via netpktifacepkt after the packet had been handed to netsenddata. On the successful-send path the packet's last reference may already have been released by the L2 driver or b...

CVE-2026-10637

subsys/net/ip/ipv6mld.c:mldsend read the packet interface via netpktifacepkt after netsenddatapkt returned successfully. Per the network stack's ownership contract include/zephyr/net/netcore.h, and the explicit warning in subsys/net/ip/netcore.c:453-460 'do not use pkt after that call', a...

CVE-2026-10637 Use-after-free of net_pkt in IPv6 MLD send path triggerable by a link-local MLD Query

subsys/net/ip/ipv6mld.c:mldsend read the packet interface via netpktifacepkt after netsenddatapkt returned successfully. Per the network stack's ownership contract include/zephyr/net/netcore.h, and the explicit warning in subsys/net/ip/netcore.c:453-460 'do not use pkt after that call', a...

CVE-2026-10637

CVE-2026-10637 describes a use-after-free in Zephyr’s IPv6 MLD send path: after net_send_data(pkt) returns, mld_send() reads net_pkt_iface(pkt), which may point to freed memory because ownership transfers to the L2 driver and the packet is returned to the k_mem_slab. If the freed slot has been re...

EUVD-2026-37009

Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, packipmreqsource checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte...

SUSE CVE-2026-50127

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

GHSA-9663-MQMP-P9MM python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

Impact AsyncListener.handlequeryordefer retained every truncated TC-bit incoming query in self.deferredaddr and armed a per-addr timer in self.timersaddr that flushed the reassembled query within 500 ms RFC 6762 §18.5. Neither the per-addr list nor the number of distinct addr keys was capped, and...

Allocation of Resources Without Limits or Throttling

Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the AsyncListener.handlequeryordefer function. An attacker can exhaust system memory and...