Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: fddi: fixed a Use-after-Free UAF issue in fzaprobe. The fp field is private data of netdev, and it cannot be used after the freenetdev call. Using fp after freenetdev can cause a UAF bug. This issue was fixed by moving the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: idpf: fixed null-ptr-deref in idpffeaturescheck idpffeaturescheck is used to validate the TX packet. The length of the skb header is compared with the value supported by the hardware, which is received from the device control...

EUVD-2026-28762

In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bondsetupbyslave kernel BUG at net/core/skbuff.c:2306! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP: 0010:pskbexpandhead+0xa08/0xfe0 net/core/skbuff.c:2306 RSP: 0018:ffffc90004aff760 EFLAGS:...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990114)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990114 advisory. In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emacremove adpt is netdev private data and it cannot be used after...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988963)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988963 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlanremoveone priv is netdev private data and it cannot be used after...

DEBIAN-CVE-2025-38500

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collectmd xfrm interface collectmd property on xfrm interfaces can only be set on device creation, thus xfrmichangelink should fail when called on such interfaces. The check to...

CVE-2025-38500

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collectmd xfrm interface collectmd property on xfrm interfaces can only be set on device creation, thus xfrmichangelink should fail when called on such interfaces. The check to...

UBUNTU-CVE-2025-38500

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collectmd xfrm interface collectmd property on xfrm interfaces can only be set on device creation, thus xfrmichangelink should fail when called on such interfaces. The check to...

CVE-2025-38500

CVE-2025-38500 : In the Linux kernel, a use-after-free could occur when changing xfrm interface collect_md state via xfrmi_changelink(), because the collect_md interface could be placed in both xfrmi_net and collect_md_xfrmi structures. The fix uses the xi from netdev_priv earlier in the path to ...

CVE-2025-38500 xfrm: interface: fix use-after-free after changing collect_md xfrm interface

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collectmd xfrm interface collectmd property on xfrm interfaces can only be set on device creation, thus xfrmichangelink should fail when called on such interfaces. The check to...

DEBIAN-CVE-2025-38053

In the Linux kernel, the following vulnerability has been resolved: idpf: fix null-ptr-deref in idpffeaturescheck idpffeaturescheck is used to validate the TX packet. skb header length is compared with the hardware supported value received from the device control plane. The value is stored in the...

UBUNTU-CVE-2025-38053

In the Linux kernel, the following vulnerability has been resolved: idpf: fix null-ptr-deref in idpffeaturescheck idpffeaturescheck is used to validate the TX packet. skb header length is compared with the hardware supported value received from the device control plane. The value is stored in the...

CVE-2024-50274 idpf: avoid vport access in idpf_get_link_ksettings

In the Linux kernel, the following vulnerability has been resolved: idpf: avoid vport access in idpfgetlinkksettings When the device control plane is removed or the platform running device control plane is rebooted, a reset is detected on the driver. On driver reset, it releases the resources and...

SUSE CVE-2021-47310

In the Linux kernel, the following vulnerability has been resolved: net: ti: fix UAF in tlanremoveone priv is netdev private data and it cannot be used after freenetdev call. Using priv after freenetdev can cause UAF bug. Fix it by moving freenetdev at the end of the function...

UBUNTU-CVE-2021-47311

In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emacremove adpt is netdev private data and it cannot be used after freenetdev call. Using adpt after freenetdev can cause UAF bug. Fix it by moving freenetdev at the end of the function...

PT-2025-25827

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer dereference issue has been identified in the Linux kernel, specifically in the idpf features check function. This function is used to validate TX packets, and the issue...

SUSE CVE-2024-26596

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdevpriv dereference before check on non-DSA netdevice events After the blamed commit, we started doing this dereference for every NETDEVCHANGEUPPER and NETDEVPRECHANGEUPPER event in the system. static inline stru...

DEBIAN-CVE-2024-26596

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdevpriv dereference before check on non-DSA netdevice events After the blamed commit, we started doing this dereference for every NETDEVCHANGEUPPER and NETDEVPRECHANGEUPPER event in the system. static inline stru...

PT-2024-11312 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a use-after-free UAF bug in the emac remove function. The adpt variable, which is netdev private data, cannot be used after the free netdev call. Using adpt aft...