317 matches found
CVE-2026-53012
A flaw was found in the Linux kernel's networking subsystem. When an IPv6 nexthop is replaced with an IPv4 nexthop, a flag indicating the presence of IPv4 members in nexthop groups is not correctly updated. This can lead to IPv6 routes referencing groups that only contain IPv4 members. A local...
EUVD-2026-38880
In the Linux kernel, the following vulnerability has been resolved: nexthop: fix IPv6 route referencing IPv4 nexthop syzbot reported a panic 1 2. When an IPv6 nexthop is replaced with an IPv4 nexthop, the hasv4 flag of all groups containing this nexthop is not updated. This is because...
CVE-2026-53012
In the Linux kernel, the following vulnerability has been resolved: nexthop: fix IPv6 route referencing IPv4 nexthop syzbot reported a panic 1 2. When an IPv6 nexthop is replaced with an IPv4 nexthop, the hasv4 flag of all groups containing this nexthop is not updated. This is because...
CVE-2026-53012 nexthop: fix IPv6 route referencing IPv4 nexthop
In the Linux kernel, the following vulnerability has been resolved: nexthop: fix IPv6 route referencing IPv4 nexthop syzbot reported a panic 1 2. When an IPv6 nexthop is replaced with an IPv4 nexthop, the hasv4 flag of all groups containing this nexthop is not updated. This is because...
CVE-2026-53012
CVE-2026-53012 : In the Linux kernel, a race/logic error allows IPv6 routes to reference an IPv4 nexthop because the has_v4 flag in groups is not updated when the nexthop family changes from AF_INET6 to AF_INET. The issue occurs when an IPv6 nexthop is replaced with an IPv4 nexthop and the has_v4...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ipv4: A reference count leak was fixed when using error routes with nexthop objects. When a nexthop object is deleted, it is marked as “dead”, and then fibtableFlush is called to flush all routes that use the dead nexthop. The...
PT-2026-51906
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs when an IPv6 nexthop is replaced with an IPv4 nexthop. This happens because the has v4 flag of all groups containing the nexthop is not updated, as the ...
Linux Distros Unpatched Vulnerability : CVE-2026-46099
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6inputcore and rplinput call ip6routeinput which sets a NOREF dst on the skb, then pass it to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nexthop: Fixed a division by zero issue when replacing a resilient group. The resilient nexthop group-related torture tests in fibnexthop.sh exposed a possible division by zero issue when replacing a resilient group 1. This...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6: Added lwtunnel encap size for all siblings in the nexthop calculation. In the function rt6nlmsgsize, the length of nexthop is calculated by multiplying the nexthop length of fib6info with the number of siblings. However, if...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: ipv4: Handled attempts to delete multipath routes when fibinfo contains a reference to nh. Gwangun Jung reported a buffer overflow vulnerability in fibnhmatch: fibnhmatch+0xf98/0x1130, linux-6.0-rc7/net/ipv4/fibsemantics.c:961...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: net: ipv4: fixed the issue where deleting routes with a nexthop object triggered a warning. The FRR team encountered a kernel warning1 while deleting routes2. This issue occurred when attempting to delete a route that pointed ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: vxlan: Fixed the nexthop hash size. The nexthop code expects a 31-bit hash, such as the one returned by fibmultipathhash and rt6multipathhash. Passing a 32-bit hash returned by skbgethash can lead to issues, especially when th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Fixed the issue of “use-after-free” in removenhgrpentry. When removing a nexthop from a group, removenhgrpentry publishes the new group via rcuassignpointer, and then immediately frees the removed entry’s percpu sta...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix memory leaks in nexthop notification chain listeners syzkaller discovered memory leaks 1 that can be reduced to the following commands: ip nexthop add id 1 blackhole devlink dev reload pci/0000:06:00.0 As part of the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6: Release the next-hop information upon device removal The CI is experiencing some non-periodic hangs during device removal in the pmtu.sh self-test: unregisternetdevice: Waiting for vethA-R1 to become available. Usage count ...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled !CONFIGIPV6 we'll hit a NULL pointer dereference1 in the error path of nhcreateipv6 due to calling...
SUSE CVE-2026-43374
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in removenhgrpentry When removing a nexthop from a group, removenhgrpentry publishes the new group via rcuassignpointer then immediately frees the removed entry's percpu stats with...
CVE-2026-43374
A flaw was found in the Linux kernel's networking net: nexthop component. When a nexthop is removed from a group, the system prematurely frees per-CPU percpu statistics memory. This timing issue allows other parts of the kernel that are still referencing the old group to access and potentially...
EUVD-2026-28680
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in removenhgrpentry When removing a nexthop from a group, removenhgrpentry publishes the new group via rcuassignpointer then immediately frees the removed entry's percpu stats with...