Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables – A memory leak occurred during the stateful object update. Stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The -init function wa...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Do not allow SETID to refer to another table. When performing lookups for sets within the same batch using their IDs, a set from a different table can be used. However, when the table is removed, a reference ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not skip expired elements during walking. There is an asymmetry between the commit/abort phase and the preparation phase if the following conditions are met: 1. “set” is a verdict map “1.2.3.4 : jump foo” ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables – A memory leak was fixed in nftablesupdchain. If nftnetdevregisterhooks fails, the memory associated with nftstats is not freed, resulting in a memory leak. This patch addresses this issue by moving...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Fix for duplicate devices in netdev hooks When handling NETDEVREGISTER notifications, duplicate device registrations must be avoided, as the device might have been added by nftnetdevhookalloc during the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: The backend for setting up DEAD bits was changed to use the GC transaction API. The old and buggy gc API and the busy mark approach have been replaced with the GC transaction API. No set elements are remov...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: prefer nftchainvalidate nftchainvalidate already performs loop detection, as a cycle in the process could lead to a call stack overflow ctx-level = NFTJUMPSTACKSIZE. It also iterates through the maps via t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables – The flag for the discard table is updated, with the pending basechain being deleted. The hook for unregistration is deferred to the commit phase. The same applies to hook updates triggered by the table...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Unlinking the table before deleting it The syzbot reports the following UAFs: BUG: KASAN: Use-after-free in memcmp+0x18f/0x1c0, lib/string.c:955 nlastrcmp+0xf2/0x130, lib/nlattr.c:836...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23231)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix use-after-free in nftablesaddchain nftablesaddchain publishes the chain to table-chains via listaddtailrcu in nftchainadd before registering hooks. If nftablesregisterhook then fails, the error path calls...

AlmaLinux 8 : kernel (ALSA-2026:25121)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25121 advisory. kernel: geneve: Fix use-after-free in genevefinddev. CVE-2025-21858 kernel: smc: Fix use-after-free in tcpwritetimerhandler CVE-2023-53781 kernel: nbd:...

SUSE CVE-2026-46324

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use listdelrcu for netlink hooks nftnetdevunregisterhooks and nftunregisterflowtablenethooks need to use listdelrcu, this list can be walked by concurrent dumpers. Add a new helper and use it consistently...

CVE-2026-46324 netfilter: nf_tables: use list_del_rcu for netlink hooks

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use listdelrcu for netlink hooks nftnetdevunregisterhooks and nftunregisterflowtablenethooks need to use listdelrcu, this list can be walked by concurrent dumpers. Add a new helper and use it consistently...

CVE-2026-46324

CVE-2026-46324 concerns the Linux kernel’s nf_tables netlink hook handling. The vuln is fixed by replacing use of list_del_rcu() for nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks to prevent concurrent dumpers from walking the list while it’s modified. A new helper was added...

Exploit for Use After Free in Linux Linux_Kernel

🐧 CVE-2026-23111 - Linux Kernel nftables Use-After-Free Vulne...

Linux Distros Unpatched Vulnerability : CVE-2026-46324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftables: use listdelrcu for netlink hooks nftnetdevunregisterhooks and nftunregisterflowtablenethooks need to use listdelrcu, this list can be walke...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

kernel: netfilter: nf_tables: release flowtable after rcu grace period on error

A flaw was found in the Linux kernel's netfilter component, specifically within the nftables subsystem. An error in releasing a flowtable after an RCU Read-Copy-Update grace period could lead to a use-after-free vulnerability. This issue could expose the flowtable to the packet path and...

kernel security update

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

RLSA-2026:21557 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: j1939: j1939sessionnew: fix skb reference counting CVE-2024-56645 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-68183 kernel: mm: thp: deny...