Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we attempt to add an IPv6 nexthop parameter, and IPv6 is not enabled !CONFIGIPV6, we encounter a NULL pointer dereference in the error path of nhcreateipv6...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: ipv4: fixed a issue where deleting routes with a nexthop object triggered a warning. The FRR team encountered a kernel warning1 while deleting routes2. This issue occurred when attempting to delete a route that pointed to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: vxlan: Fixed the nexthop hash size. The nexthop code expects a 31-bit hash, such as the one returned by fibmultipathhash and rt6multipathhash. Passing a 32-bit hash returned by skbgethash can lead to issues, especially when th...

Linux Distros Unpatched Vulnerability : CVE-2026-46099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6inputcore and rplinput call ip6routeinput which sets a NOREF dst on the skb, then pass it to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Fixed the issue of “use-after-free” in removenhgrpentry. When removing a nexthop from a group, removenhgrpentry publishes the new group via rcuassignpointer, and then immediately frees the removed entry’s percpu sta...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nexthop: Memory leaks in the nexthop notification chain listeners have been fixed. Syzkaller identified memory leaks that can be addressed by executing the following commands: ip nexthop add id 1 blackhole devlink dev reload...

SUSE CVE-2026-43374

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in removenhgrpentry When removing a nexthop from a group, removenhgrpentry publishes the new group via rcuassignpointer then immediately frees the removed entry's percpu stats with...

CVE-2026-43374

A flaw was found in the Linux kernel's networking net: nexthop component. When a nexthop is removed from a group, the system prematurely frees per-CPU percpu statistics memory. This timing issue allows other parts of the kernel that are still referencing the old group to access and potentially...

EUVD-2026-28680

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in removenhgrpentry When removing a nexthop from a group, removenhgrpentry publishes the new group via rcuassignpointer then immediately frees the removed entry's percpu stats with...

CVE-2026-43374

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in removenhgrpentry When removing a nexthop from a group, removenhgrpentry publishes the new group via rcuassignpointer then immediately frees the removed entry's percpu stats with...

CVE-2026-43374

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in removenhgrpentry When removing a nexthop from a group, removenhgrpentry publishes the new group via rcuassignpointer then immediately frees the removed entry's percpu stats with...

UBUNTU-CVE-2026-43374

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in removenhgrpentry When removing a nexthop from a group, removenhgrpentry publishes the new group via rcuassignpointer then immediately frees the removed entry's percpu stats with...

CVE-2026-43374

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in removenhgrpentry When removing a nexthop from a group, removenhgrpentry publishes the new group via rcuassignpointer then immediately frees the removed entry's percpu stats with...

CVE-2026-43374

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in removenhgrpentry When removing a nexthop from a group, removenhgrpentry publishes the new group via rcuassignpointer then immediately frees the removed entry's percpu stats with...

CVE-2026-43374

Summary: CVE-2026-43374 affects the Linux kernel networking code (net: nexthop). The vuln arises when removing a nexthop from a group: remove_nh_grp_entry() publishes the new group via rcu_assign_pointer() and then immediately frees the removed entry’s percpu stats with free_percpu(), while the s...

PT-2026-39035

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Linux kernel within the remove nh grp entry function. The system publishes a new group using rcu assign pointer and immediately frees the removed...

Linux Distros Unpatched Vulnerability : CVE-2026-43374

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: nexthop: fix percpu use-after-free in removenhgrpentry When removing a nexthop from a group, removenhgrpentry publishes the new group via rcuassignpointer...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ipv4: Handled attempts to delete multipath routes when fibinfo contains a reference to nh. Gwangun Jung reported a buffer overflow vulnerability in fibnhmatch: fibnhmatch+0xf98/0x1130, linux-6.0-rc7/net/ipv4/fibsemantics.c:961...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nexthop: Fixed a division by zero issue when replacing a resilient group. The resilient nexthop group-related torture tests in fibnexthop.sh exposed a possible division by zero issue when replacing a resilient group 1. This...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ipv6: Added lwtunnel encap size for all siblings in the nexthop calculation. In the function rt6nlmsgsize, the length of nexthop is calculated by multiplying the nexthop length of fib6info with the number of siblings. However, if...