90 matches found
CVE-2026-53216
The CVE-2026-53216 issue affects the Linux kernel mvpp2 XDP path. Short pool buffers can be smaller than PAGE_SIZE, yet XDP initially sets every xdp_buff frame size to PAGE_SIZE. The XDP helpers then use frame_sz to validate tail growth, which, with an oversized frame, can allow bpf_xdp_adjust_ta...
CVE-2026-53216 net: mvpp2: limit XDP frame size to the RX buffer
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGESIZE as frame size. XDP helper...
CVE-2026-53216
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGESIZE as frame size. XDP helper...
CVE-2026-53216 net: mvpp2: limit XDP frame size to the RX buffer
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGESIZE as frame size. XDP helper...
EUVD-2026-39306
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2rxrefill can fail after the...
CVE-2026-53215
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2rxrefill can fail after the...
CVE-2026-53215
CVE-2026-53215 affects the Linux kernel mvpp2 driver: the RX path could return a descriptor buffer to the hardware Buffer Manager after it had been handed to XDP or an skb, allowing DMA into memory no longer owned by the RX ring. Root cause is improper handling of RX buffers in mvpp2_rx_refill() ...
CVE-2026-53215 net: mvpp2: refill RX buffers before XDP or skb use
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2rxrefill can fail after the...
CVE-2026-53215 net: mvpp2: refill RX buffers before XDP or skb use
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2rxrefill can fail after the...
PT-2026-52311
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mvpp2 driver where the XDP path initializes every xdp buff with PAGE SIZE as the frame size, regardless of whether the buffer is from a short or long BM pool...
PT-2026-52310
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mvpp2 network driver where the RX error path returns the current descriptor buffer to the hardware Buffer Manager BM pool. This action is only valid while the driv...
SUSE-SU-2026:2482-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths bsc1248235. - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2 – Clearing the BM pool before initialization. The register values persist after booting the kernel using kexec, which results in a kernel panic. Therefore, it is necessary to clear the BM pool registers before...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: mvpp2main: A possible OOB write issue has been fixed in mvpp2ethtoolgetrxnfc. The rules parameter is allocated in ethtoolgetrxnfc, and its size is determined by rulecnt from the user space. Therefore, rulecnt must ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Guard flow control updates with globaltxfc in buffer switching The function mvpp2bmswitchbuffers mvpp2bmpoolupdateprivfc when switching between per-cpu and shared buffer pool modes. This function programs the CM3 flow...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007021)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007021 advisory. In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006790)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006790 advisory. In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel...
Linux Distros Unpatched Vulnerability : CVE-2026-23438
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mvpp2: guard flow control update with globaltxfc in buffer switching mvpp2bmswitchbuffers unconditionally calls mvpp2bmpoolupdateprivfc when switching...
SUSE CVE-2026-23438
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: guard flow control update with globaltxfc in buffer switching mvpp2bmswitchbuffers unconditionally calls mvpp2bmpoolupdateprivfc when switching between per-cpu and shared buffer pool modes. This function programs CM3...
CVE-2026-23438
A flaw was found in the Linux kernel's mvpp2 driver. A local privileged user could cause a system crash, leading to a Denial of Service DoS, by triggering a null pointer dereference. This occurs when changing the Maximum Transmission Unit MTU on systems where the CM3 SRAM resource is not present,...