EUVD-2026-38849

In the Linux kernel, the following vulnerability has been resolved: neigh: let neighxmit take skb ownership neighxmit always releases the skb, except when no neighbour table is found. But even the first added user of neighxmit mpls relied on neighxmit to release the skb or queue it for tx. sashik...

CVE-2026-52981

CVE-2026-52981 concerns a Linux kernel issue in neigh_xmit: when called with an uninitialized neighbor table (e.g., NEIGH_ND_TABLE with IPv6 disabled), neigh_xmit can return -EAFNOSUPPORT without releasing the skb, risking a memory leak. The fix removes the remaining code path that could neither ...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net, neigh: Fixed the null-ptr-deref in neightableclear. When the IPv6 module is initialized, an error occurs in the middle. This results in a kernel panic with the following error message: KASAN: Nullptrderef in range...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: fixed possible store tearing in neighperiodicwork. While reviewing a related syzbot report involving neighperiodicwork, I discovered that I forgot to add an annotation when deleting an RCU-protected item from a list. When...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: Replace physindev with physinif in nfbridgeinfo. A skb can be added to the neigh-arpqueue while waiting for an arp reply. In this case, the skb’s skb-dev may differ from the neigh-dev of the destination. For...

CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

Linux Distros Unpatched Vulnerability : CVE-2026-45930

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Tren...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ipv4: A data race issue related to sysctlfibmultipathuseneigh has been fixed. When reading sysctlfibmultipathuseneigh, it is possible for the value to be changed concurrently. Therefore, we need to add READONCE to its read...

CVE-2026-23293

In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If an IPv6...

CVE-2026-23293

In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If an IPv6...

UBUNTU-CVE-2026-23293

In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If an IPv6...

CVE-2025-71133

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdmanetevent irdmanetevent should not dereference anything from "neigh" alias "ptr" until it has checked that the event is NETEVENTNEIGHUPDATE. Other events come with different structures pointe...

CVE-2025-71133

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdmanetevent irdmanetevent should not dereference anything from "neigh" alias "ptr" until it has checked that the event is NETEVENTNEIGHUPDATE. Other events come with different structures pointe...

CVE-2025-71133

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdmanetevent irdmanetevent should not dereference anything from "neigh" alias "ptr" until it has checked that the event is NETEVENTNEIGHUPDATE. Other events come with different structures pointe...

CVE-2025-71133 RDMA/irdma: avoid invalid read in irdma_net_event

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdmanetevent irdmanetevent should not dereference anything from "neigh" alias "ptr" until it has checked that the event is NETEVENTNEIGHUPDATE. Other events come with different structures pointe...

SUSE CVE-2023-54262

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is a erroneous leftover from original...

UBUNTU-CVE-2023-54262

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't clone flow post action attributes second time The code already clones post action attributes in mlx5ecloneflowattrforpostact. Creating another copy in mlx5etcpostactadd is a erroneous leftover from original...

PT-2025-54091

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the mlx5e module related to flow post action attributes. The code unnecessarily clones these attributes, leading to a use-after-free condition...

Linux Distros Unpatched Vulnerability : CVE-2023-54148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Move representor neigh cleanup to profile cleanuptx For IP tunnel encapsulation in ECMP Equal-Cost Multipath mode, as the flow is duplicated to the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989076)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989076 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctlfibmultipathuseneigh. While reading sysctlfibmultipathuseneigh...