CVE-2026-53212

A flaw was found in the Linux kernel's netfilter component, specifically within the nfttunnel module. This vulnerability occurs due to a use-after-free error when an object is destroyed, where memory is prematurely deallocated while still being referenced by queued network packets. This can lead ...

CVE-2026-53212 netfilter: nft_tunnel: fix use-after-free on object destroy

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix use-after-free on object destroy nfttunnelobjdestroy calls metadatadstfree which directly kfrees the metadatadst, ignoring the dstentry refcount. Packets that took a reference via dsthold in...

CVE-2026-53212

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix use-after-free on object destroy nfttunnelobjdestroy calls metadatadstfree which directly kfrees the metadatadst, ignoring the dstentry refcount. Packets that took a reference via dsthold in...

CVE-2026-53212

The CVE-2026-53212 issue affects the Linux kernel nft_tunnel implementation within netfilter, where nft_tunnel_obj_destroy() used metadata_dst_free() to free a metadata_dst, bypassing dst_entry refcount accounting. This could leave in-flight packets that hold references (via dst_hold()) dangling,...

kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix geneveopt type confusion addition When handling multiple NFTATUNNELKEYOPTSGENEVE attributes, the parsing logic should place every geneveopt structure one by one compactly. Hence, when deciding the next...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-403340)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-403340 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix geneveopt type confusion addition When handling multiple...

EUVD-2025-11242

Malicious code in bioql PyPI...

The vulnerability of the nft_tunnel component in the Linux operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the nfttunnel component in the Linux operating system is related to the operation of writing data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...

SUSE CVE-2025-22056

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix geneveopt type confusion addition When handling multiple NFTATUNNELKEYOPTSGENEVE attributes, the parsing logic should place every geneveopt structure one by one compactly. Hence, when deciding the next...

UBUNTU-CVE-2025-22056

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix geneveopt type confusion addition When handling multiple NFTATUNNELKEYOPTSGENEVE attributes, the parsing logic should place every geneveopt structure one by one compactly. Hence, when deciding the next...