CVE-2026-52981 neigh: let neigh_xmit take skb ownership

In the Linux kernel, the following vulnerability has been resolved: neigh: let neighxmit take skb ownership neighxmit always releases the skb, except when no neighbour table is found. But even the first added user of neighxmit mpls relied on neighxmit to release the skb or queue it for tx. sashik...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: - mctp i2c: Handle the NULL header address. - daddr can be NULL if there is no neighbour table entry present; in that case, the TX packet should be discarded. - saddr is usually set by the MCTP core, but check for NULL in case...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net/smc: The issue of neighbor data leaks and rtable leaks in smcibfindroute has been fixed. In smcibfindroute, the neighbor data found by neighlookup and the rtable data resolved by iprouteoutputflow are not properly released or...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mctp i3c: handling of NULL header addresses daddr can be NULL if there is no neighbour table entry present; in that case, the TX packet should be discarded. saddr is usually set by the MCTP core, but NULL values are also...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: rose: Fixed dangling neighbor pointer issues in rosertdevicedown. There are two bugs in rosertdevicedown that can lead to use-after-free situations: 1. The loop variable t-count is modified within the loop, which can cause the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mctp: Fixed an error handling path in mctpinit. If mctpneighinit returns an error, the route resources should be released during the error handling path. Otherwise, some resources may be leaked...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: The neighbour field allows NUDNOARP entries to be forced to be garbage-collected. IFFPOINTOPOINT interfaces use NUDNOARP entries for IPv6. It’s possible to fill up the neighbour table with enough entries that it will overflow for...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: The cleanup of neighbor information has been moved to the profile cleanuptx callback. For IP tunnel encapsulation in ECMP Equal-Cost Multipath mode, since the flow is duplicated to the peer eswitch, the related neighbo...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed a use-after-free in the neigh update handler for the encap entry. The function mlx5erepneighupdate was not updated to accommodate the removal of the rtnl lock from the TC filter update path, and it did not...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: The neighnotify function can be called without RTNL or RCU protection. Use RCU protection to avoid potential Universal Atomic Faults UAF...

SUSE CVE-2026-45930

In the Linux kernel, the following vulnerability has been resolved: net: mctp: ensure our nlmsg responses are initialised Syed Faraz Abrar @farazsth98 from Zellic, and Pumpkin @u1f383 from DEVCORE Research Team working with Trend Micro Zero Day Initiative report that a RTMGETNEIGH will return...

CVE-2026-45930

A flaw was found in the Linux kernel's Multi-Channel Transport Protocol MCTP networking implementation. When processing a RTMGETNEIGH request, the system may return uninitialized data in the ndmsg pad bytes. This can allow a local attacker to obtain sensitive information from kernel memory, leadi...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumrouter: Fix neighbor use-after-free We sometimes observe use-after-free when dereferencing a neighbor 1. The problem seems to be that the driver stores a pointer to the neighbor, but does not hold a reference to it...

CVE-2026-31752 bridge: br_nd_send: validate ND option lengths

In the Linux kernel, the following vulnerability has been resolved: bridge: brndsend: validate ND option lengths brndsend walks ND options according to option-provided lengths. A malformed option can make the parser advance beyond the computed option span or use a too-short source LLADDR option...

CVE-2026-31682 bridge: br_nd_send: linearize skb before parsing ND options

In the Linux kernel, the following vulnerability has been resolved: bridge: brndsend: linearize skb before parsing ND options brndsend parses neighbour discovery options from ns-opt and assumes that these options are in the linear part of request. Its callers only guarantee that the ICMPv6 header...

CVE-2026-31682

CVE-2026-31682 affects the Linux kernel bridge implementation, where br_nd_send may parse non-linear ND options from ns->opt[]. The root cause is failure to linearize the skb before ND option parsing, risking reads past the buffer and potential memory exposure or crash. The fix is to linearize...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007240)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007240 advisory. In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arpreqget. syzkaller reported an overflown write in arpreqget. 0 When...

SUSE CVE-2026-23460

In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rosetransmitlink on reconnect syzkaller reported a bug 1, and the reproducer is available at 2. ROSE sockets use four sk-skstate values: TCPCLOSE, TCPLISTEN, TCPSYNSENT, and TCPESTABLISHE...

EUVD-2026-15374

In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. Then, if...

ROS-20260119-7357

A vulnerability in the neighnotify function of the net/core/neighbour.c module of the Linux kernel's network functions support is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of...