Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fixed a use-after-free issue when reverting the termination table. When there are multiple destinations with termination tables, and the second one or later fails, the driver reverts the use of termination tables, but...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS; fixed a crash that occurred during the RX resync process. For the TLS RX resync process, we maintain a list of TLS contexts that require some attention. We communicate their resync information to the hardware...

PT-2026-39127

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the net/mlx5e component where a DMA FIFO desynchronization occurs during error CQE SQ recovery. When a TX error CQE triggers a recovery flow, the function mlx5e reset...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed a deadlock in the tc route query code. The cited commit caused a ABBA deadlock0 when peer flows were created while holding the devcom rw semaphore. Due to the peer flow offload implementation, the lock is take...

CVE-2026-23441

A flaw was found in the Linux kernel's net/mlx5e driver. A race condition occurs when the ASO spinlock is released prematurely, allowing concurrent operations to overwrite a shared Direct Memory Access DMA context. This can lead to the processing of corrupted data, resulting in unexpected behavio...

ROS-20260113-7303

A vulnerability in the net/mlx5e component of the Linux operating system kernel is related to improper control of resource identifiers. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993114)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993114 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting termination table When having multiple dests with...

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2025-1254)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1254 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: always use READONCE to read ring provided buffer lengths CVE-2025-39816 In the Linux kernel, the following...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: always use READONCE to read ring provided buffer lengths CVE-2025-39816 In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Set merge to zero early in afalgsendmsg...

EUVD-2025-13155

Malicious code in bioql PyPI...

net/mlx5e: Avoid field-overflowing memcpy()

...

CVE-2025-38590 net/mlx5e: Remove skb secpath if xfrm state is not found

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

CVE-2025-38590

CVE-2025-38590 is a Linux kernel vulnerability in the Mellanox mlx5e path. The issue occurs when a hardware decrypted packet’s xfrm state is not found in an xarray, leaving the skb secpath (sp) extension intact. Downstream code may dereference an invalid secpath, causing a crash in __xfrm_policy_...

Linux Distros Unpatched Vulnerability : CVE-2023-53105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Fix cleanup null-ptr deref on encap lock During module is unloaded while a peer tc flow is still offloaded, first the peer uplink rep profile is...

CVE-2025-38039

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid WARNON when configuring MQPRIO with HTB offload enabled When attempting to enable MQPRIO while HTB offload is already configured, the driver currently returns -EINVAL and triggers a WARNON, leading to an...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a TC rule recovery issue in the net/mlx5e component when the vport rep is not loaded...

CVE-2024-53138

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

CVE-2024-53138

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

CVE-2024-53138

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of getpage and pagerefinc APIs to increment the page reference. But on the release path mlx5ektlstxhandleresyncdumpcomp, only putpage is use...

CVE-2024-53138

CVE-2024-53138 is tied to the Linux kernel’s net/mlx5e: kTLS path. The connected documents describe a root cause in page reference counting: the kTLS TX path mixes get_page() and page_ref_inc(), while the release path uses only put_page(). When pages from large folios are involved, get_page() ref...