Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: media: rc: The bpf attach/detach operation requires write permission. source-iocs-preserved const=CAPNETADMIN...

SUSE CVE-2026-45932

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPFPROGDETACH on tcx or netkit devices could be executed by any user when no program fd was provided, bypassing permission...

Astra Linux – Vulnerability in Linux, Linux 5.10

The decodedata function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 contains a slab out-of-bounds write vulnerability. Input from a process that has the CAPNETADMIN capability can lead to root access...

kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain()

A flaw was found in the Linux kernel. A local attacker with CAPNETADMIN capabilities, or remote packet traffic, could exploit a use-after-free vulnerability in the nftablesaddchain function's error handling. Successful exploitation could lead to a kernel crash, resulting in a Denial of Service Do...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003898)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003898 advisory. An issue was discovered in the Linux kernel before 5.6.7. xdpumemreg in net/xdp/xdpumem.c has an out- of-bounds write by a user with the CAPNETADMIN capability becau...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003421)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003421 advisory. The netlinkdelivertapskb function in net/netlink/afnetlink.c in the Linux kernel through 4.14.4, when CONFIGNLMON is enabled, does not restrict observations of Netli...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002663)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002663 advisory. The tipcmsgbuild function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum...

CVE-2023-53570 wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix integer overflow in nl80211parsembssidelems nl80211parsembssidelems uses a u8 variable numelems to count the number of MBSSID elements in the nested netlink attribute attrs, which can lead to an integer overflo...

Linux Distros Unpatched Vulnerability : CVE-2017-17448

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/netfilter/nfnetlinkcthelper.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for new, get, and del operations, which allows...

Linux Distros Unpatched Vulnerability : CVE-2016-8632

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The tipcmsgbuild function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the...

Linux Distros Unpatched Vulnerability : CVE-2021-42008

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The decodedata function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the...

SUSE CVE-2023-3772

A flaw was found in the Linux kernel's IP framework for transforming packets XFRM subsystem. This issue may allow a malicious user with CAPNETADMIN privileges to directly dereference a NULL pointer in xfrmupdateaeparams, leading to a possible kernel crash and denial of service...

kernel: inactive elements in nft_pipapo_walk

A use-after-free flaw was found in the Netfilter subsystem in the Linux kernel via the nftpipapowalk function. This issue may allow a local user with CAPNETADMIN capability to trigger an application crash, information disclosure, or local privilege escalation...

DEBIAN-CVE-2023-52642

In the Linux kernel, the following vulnerability has been resolved: media: rc: bpf attach/detach requires write permission Note that bpf attach/detach also requires CAPNETADMIN...

kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests

A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAPNETADMIN capability to crash or potentially...

kernel: inactive elements in nft_pipapo_walk

A use-after-free flaw was found in the Netfilter subsystem in the Linux kernel via the nftpipapowalk function. This issue may allow a local user with CAPNETADMIN capability to trigger an application crash, information disclosure, or local privilege escalation...

kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()

An out-of-bounds OOB memory access flaw was found in the Netfilter module in the Linux kernel's nftbyteordereval in net/netfilter/nftbyteorder.c. A bound check failure allows a local attacker with CAPNETADMIN access to cause a local privilege escalation issue due to incorrect data alignment...

kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()

An out-of-bounds OOB memory access flaw was found in the Netfilter module in the Linux kernel's nftbyteordereval in net/netfilter/nftbyteorder.c. A bound check failure allows a local attacker with CAPNETADMIN access to cause a local privilege escalation issue due to incorrect data alignment...

kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()

An out-of-bounds OOB memory access flaw was found in the Netfilter module in the Linux kernel's nftbyteordereval in net/netfilter/nftbyteorder.c. A bound check failure allows a local attacker with CAPNETADMIN access to cause a local privilege escalation issue due to incorrect data alignment...

kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nftables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user with CAPNETADMIN capability could use this...