283 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53094
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix stale offload-prog pointer after constant blinding When a dev-bound-only BPF program BPFFXDPDEVBOUNDONLY undergoes JIT compilation with constant blindi...
UBUNTU-CVE-2026-53175
In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by the fqdirpreexit flush On netns teardown, fqdirpreexit walks the fqdir rhashtable and flushes every fragment queue that is not yet complete using inetfragqueueflush. That helper frees all...
CVE-2026-53175
The CVE-2026-53175 entries describe a use-after-free in the Linux kernel’s fragment reassembly during netns teardown. Root cause: fqdir_pre_exit() flushes fragment queues but may leave freed skbs referenced by fragment queue state (fragments_tail/last_run_head) before INET_FRAG_COMPLETE is set, a...
PT-2026-52271
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists during network namespace teardown. The function fqdir pre exit flushes incomplete fragment queues via inet frag queue flush, which frees queued socket buffe...
CVE-2026-53094 bpf: Fix stale offload->prog pointer after constant blinding
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stale offload-prog pointer after constant blinding When a dev-bound-only BPF program BPFFXDPDEVBOUNDONLY undergoes JIT compilation with constant blinding enabled bpfjitharden = 2, bpfjitblindconstants clones the program...
CVE-2026-53094
The CVE affects the Linux kernel BPF/JIT path for dev-bound-only XDP programs. When constant blinding is enabled (bpf_jit_harden >= 2), bpf_jit_blind_constants() clones the program and bpf_jit_prog_release_other() frees the original, but offload->prog isn’t updated, leaving a stale pointer....
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: xfrm: The x-tunnel is deleted as soon as the x is deleted. The ipcomp fallback tunnels are currently deleted from various lists and hashtables because the last user state that relied on those fallbacks is destroyed not deleted. I...
PT-2026-51988
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF subsystem where a stale pointer is maintained after constant blinding. When a dev-bound-only BPF program BPF F XDP DEV BOUND ONLY undergoes JIT compilation wit...
CVE-2026-52909
In the Linux kernel, the following vulnerability has been resolved: ip6vti: set netnsimmutable on the fallback device. john1988 and Noam Rathaus reported that vti6initnet does not set the netnsimmutable flag on the per-netns fallback tunnel device ip6vti0. Other similar tunnel drivers like...
CVE-2026-52909
The CVE-2026-52909 issue affects the Linux kernel’s IPv6 Virtual Tunnel Interface (ip6_vti) fallback device: ip6_vti0 may be movable between network namespaces because netns_immutable is not set during initialisation. Multiple connected advisories confirm this root cause and indicate patches have...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: Fixed a UAF issue in nfqnlnfhookDrop when opsinit fails. When the opsinit function is called to initialize the network, but ops-init fails, data is released. However, the pointer ptr in net-gen becomes invalid. In this...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Unregistering flowtable hooks upon netns exit. Unregistering flowtable hooks before they are released via nftablesflowtabledestroy; otherwise, the hook code may report a Use-After-Free error. BUG: KASAN:...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: fixed a use-after-free in twtimerhandler A real-world panic issue was discovered in Linux 5.4. The details of the issue are as follows: - Bug: Unable to handle a page fault for the address: ffffde49a863de28 - Memory layout:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: pfcp: The device is destroyed along with the udp socket’s netns structure. The pfcpnewlink function links the device to a specific netns in devnet instead of net, where an udp tunnel socket is created. Even when net is removed, t...
PT-2026-50927
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The vti6 init net function fails to set the netns immutable flag on the per-netns fallback tunnel device 'ip6 vti0'. This flag is intended to prevent the device from being moved to anoth...
kernel: smc: Fix use-after-free in tcp_write_timer_handler()
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcpwritetimerhandler. With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcpwritetimerhandler by kernel TCP sockets. 0 If SMC creates a kernel socket in smccreate, the kernel...
CVE-2026-46120
Concrete details found: CVE-2026-46120 affects the Linux kernel ip6_gre machinery. The issue is in ip6erspan_changelink(), which wrongly uses dev_net(dev) instead of the correct per-netns hash resolved by link_net, after a patch series that fixed per-netns resolution in ip6erspan_newlink(). This ...
net: qrtr: ns: Limit the maximum server registration per node
...
SUSE CVE-2026-43091
In the Linux kernel, the following vulnerability has been resolved: xfrm: Wait for RCU readers during policy netns exit xfrmpolicyfini frees the policybydst hash tables after flushing the policy work items and deleting all policies, but it does not wait for concurrent RCU readers to leave their...
EUVD-2026-27592
In the Linux kernel, the following vulnerability has been resolved: xfrm: Wait for RCU readers during policy netns exit xfrmpolicyfini frees the policybydst hash tables after flushing the policy work items and deleting all policies, but it does not wait for concurrent RCU readers to leave their...