CVE-2026-52988

A flaw was found in the Linux kernel's netfilter component. This vulnerability involves a concurrency issue during updates to netfilter rulesets. When multiple updates occur simultaneously, improper synchronization could lead to unsafe data access during netlink dump list traversal. This could...

UBUNTU-CVE-2026-53231

In the Linux kernel, the following vulnerability has been resolved: net: phy: don't try to setup PHY-driven SFP cages when using genphy We don't have support for PHY-driver SFP cages with the genphy code. On top of that, it was found by sashiko that running sfpbusaddupstream for genphy deadlocks,...

UBUNTU-CVE-2026-53238

In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlblunlabeladdrinfoget used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not independentl...

UBUNTU-CVE-2026-53233

In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...

CVE-2026-53259

CVE-2026-53259 (Linux kernel) fixes a race in IPv6 anycast address management. The root cause was a window where inserting an aca into the global inet6_acaddr_lst[] and its hash could be separated from the teardown path (RTNL), causing the ac_addr to be freed while still linked, i.e., a slab-use-...

EUVD-2026-39329

In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlblunlabeladdrinfoget used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not independentl...

EUVD-2026-39324

In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...

CVE-2026-53231

The CVE describes a Linux kernel vulnerability in the net: phy subsystem where PHY-driven SFP cages were being initialized for genphy, which is not supported, leading to a potential RTNL deadlock. Root cause: genphy PHY probing runs under RTNL, unlike non-genphy drivers, allowing sfp_bus probing ...

CVE-2026-53182 wifi: nl80211: reject oversized EMA RNR lists

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject oversized EMA RNR lists nl80211parsernrelems stores the parsed element count in a u8-backed cfg80211rnrelems::cnt field and uses that count to size the flexible array allocation. Reject nested...

EUVD-2026-38881

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix macvlangetsize not reserving space for IFLAMACVLANBCCUTOFF macvlangetsize does not account for IFLAMACVLANBCCUTOFF, but macvlanfillinfo conditionally includes it when port-bccutoff != 1. This causes nlaputs32 to fail...

EUVD-2026-38846

In the Linux kernel, the following vulnerability has been resolved: net: psp: require admin permission for dev-set and key-rotate The dev-set and key-rotate netlink operations modify shared device state PSP version configuration and cryptographic key material, respectively but do not require...

EUVD-2026-38856

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: join hook list via splicelistrcu in commit phase Publish new hooks in the list into the basechain/flowtable using splicelistrcu to ensure netlink dump list traversal via rcu is safe while concurrent ruleset...

CVE-2026-52988

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: join hook list via splicelistrcu in commit phase Publish new hooks in the list into the basechain/flowtable using splicelistrcu to ensure netlink dump list traversal via rcu is safe while concurrent ruleset...

CVE-2026-53000 netfilter: nat: use kfree_rcu to release ops

In the Linux kernel, the following vulnerability has been resolved: netfilter: nat: use kfreercu to release ops Florian Westphal says: "Historically this is not an issue, even for normal base hooks: the data path doesn't use the original nfhookops that are used to register the callbacks. However,...

CVE-2026-53000

CVE-2026-53000 affects the Linux kernel netfilter NAT path. The root issue is partial exposure of nf_hook_ops during error handling, which can lead to unsafe access to internal hook data via the datapath and nat dispatcher flow. Exploitation details are not provided in the documents, but the desc...

CVE-2026-52988

The CVE-2026-52988 issue affects the Linux kernel netfilter nf_tables code, specifically the join hook list updated via splice_list_rcu() during commit phases. The vulnerability arises when new hooks are published to the basechain/flowtable while a concurrent ruleset update is ongoing, potentiall...

CVE-2026-52988 netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: join hook list via splicelistrcu in commit phase Publish new hooks in the list into the basechain/flowtable using splicelistrcu to ensure netlink dump list traversal via rcu is safe while concurrent ruleset...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netlink: Fixed wraparounds of sk-skrmemalloc. Netlink has this pattern in some places: c if atomicread&sk-skrmemalloc sk-skrcvbuf atomicaddskb-truesize, &sk-skrmemalloc; This issue was also fixed in commit 5a465a0da13e “udp: Fixe...

Astra Linux – Vulnerability in Linux, Linux 5.10

There is a bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating an NFC device from user-space...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fixed the nested key length validation in the set action. It is not safe to access nlalenovskey if the data is smaller than the netlink header. Ensure that the attribute is valid first...