CVE-2026-23437 net: shaper: protect late read accesses to the hierarchy

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

CVE-2026-23437

CVE-2026-23437 (Linux kernel) concerns the net: shaper module. A missing liveness check occurs when a netdev is looked up during prep of Netlink operations, a reference is taken, and later the code uses the netdev’s lock or RCU protections. The conversion from a ref to a locked netdev may proceed...

CVE-2026-23436

The CVE-2026-23436 issue affects the Linux kernel's net: shaper component. A race could occur when a netdev is unregistered between taking a reference during Netlink prep and locking/RCU in the callback, potentially leaking the hierarchy after a flush. The fix applies the instance lock in pre- st...

PT-2026-30153

In the Linux kernel, the following vulnerability has been resolved: ip tunnel: adapt iptunnel xmit stats to NETDEV PCPU STAT DSTATS Blamed commits forgot that vxlan/geneve use udp tunnel6 xmit skb which call iptunnel xmit stats. iptunnel xmit stats was assuming tunnels were only using NETDEV PCPU...

PT-2026-30131

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

PT-2026-30132

In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect late read accesses to the hierarchy We look up a netdev during prep of Netlink ops pre- callbacks and take a ref to it. Then later in the body of the callback we take its lock or RCU which are the actual...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: pagepool: Fix use-after-free in pagepoolrecycleinring CVE-2025-38129 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper CVE-2025-40110 In th...

SUSE CVE-2026-23368

In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy ledtriggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDSTRIGGERNETDEV and LEDTRIGGERPHY are enabled: 1362.049207 ledtriggerregister+0x5c/0x1fc...

EUVD-2026-15351

In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy ledtriggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDSTRIGGERNETDEV and LEDTRIGGERPHY are enabled: 1362.049207 ledtriggerregister+0x5c/0x1fc...

UBUNTU-CVE-2026-23368

In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy ledtriggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDSTRIGGERNETDEV and LEDTRIGGERPHY are enabled: 1362.049207 ledtriggerregister+0x5c/0x1fc...

CVE-2026-23368

In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy ledtriggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDSTRIGGERNETDEV and LEDTRIGGERPHY are enabled: 1362.049207 ledtriggerregister+0x5c/0x1fc...

CVE-2026-23368

CVE-2026-23368 — Linux kernel : A deadlock (AB-BA) occurs when both LED_TRIGGER_NETDEV and LED_TRIGGER_PHY are enabled. The issue stems from LED_TRIGGER_PHY registering LED triggers during phy_attach while holding RTNL and then acquiring triggers_list_lock, while LEDS_TRIGGER_NETDEV enables an LE...

CVE-2026-23273 macvlan: observe an RCU grace period in macvlan_common_newlink() error path

In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlancommonnewlink error path valis reported that a race condition still happens after my prior patch. macvlancommonnewlink might have made @dev visible before detecting an error, and its...

CVE-2026-23273

The CVE refers to a Linux kernel macvlan race: macvlan_common_newlink() can reveal a device before error handling under an RCU grace period, leading to a use-after-free as shown by a KASAN report. Connected OSV entries confirm patches in Rootio-Linux for Root:Debian/Ubuntu variants (Root-OS-DEBIA...

SUSE CVE-2026-23258

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...

CVE-2026-23258

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...

CVE-2026-23258

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...

CVE-2026-23258 net: liquidio: Initialize netdev pointer before queue setup

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...

Linux Distros Unpatched Vulnerability : CVE-2026-23258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an improper initialization order of netdev pointers, potentially leading to memory leaks...