Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nfthashbuckets The number of buckets being stored in 32-bit variables requires ensuring that no overflows occur in nfthashbuckets. syzbot injected a size == 0x40000000 and reported: UBSAN:...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23111)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix inverted genmask check in nftmapcatchallactivate nftmapcatchallactivate has an inverted element activity check compared to its non-catchall counterpart nftmapelemactivate and compared to what is logically...

Fedora 44 : tailscale (2026-07897c0238)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-07897c0238 advisory. - update to 1.98.4 - Allow nftables to satisfy firewall dependency in lieu of iptables rhbz2453924 - Fix 45s timeout on shutdowns in certain cases...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

Linux Kernel nftables Out-of-bounds Read/Write Vulnerability; nftbyteorder improperly handles the contents of VM registers when CAPNETADMIN is present in any user or network namespace...

Astra Linux - уязвимость в linux-5.10, linux-5.15

A use-after-free vulnerability in the Linux kernel’s netfilter:nftables component can be exploited to achieve local privilege escalation. When an error occurs during the creation of a nftables rule, deactivating immediate expressions in nftimmediatedeactivate can cause the chain to be unbound,...

UBUNTU-CVE-2026-43916

pamauthnft is a PAM session module binding nftables firewall rules to...

CVE-2026-43916

pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...

CVE-2026-43916

pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...

EUVD-2026-29474

pamauthnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peerlookuptcp src/peerlookup.c:134, prior to the fix allowed a crafted NETLINKSOCKDIAG reply to slip past the message-size check, then...

PT-2026-40031

pam authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer lookup tcp src/peer lookup.c:134, prior to the fix allowed a crafted NETLINK SOCK DIAG reply to slip past the message-size check...

SUSE CVE-2026-43024

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject immediate NFQUEUE verdict nftqueue is always used from userspace nftables to deliver the NFQUEUE verdict. Immediately emitting an NFQUEUE verdict is never used by the userspace nft tools, so reject...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-6.1, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables – Failure to set the dormant flag on the hook register We need to set the dormant flag again if we fail to register the hooks. During memory pressure, hook registration may fail, resulting in a table being...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Netfilter: nftables: exthdr: fix for 4-byte stack OOB write issue. If priv-len is a multiple of 4, then dstlen / 4 can write beyond the destination array, leading to stack corruption. This fix is necessary to handle the remainder...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: clone set element expression template The memcpy function breaks when using connlimit in set elements. Use nftexprclone to initialize the connlimit expression list; otherwise, the connlimit garbage collect...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

Linux Kernel nftables: Vulnerability involving local privilege escalation after free operations; nftchainlookupbyid fails to check whether a chain is active, and CAPNETADMIN is present in any user or network namespace...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ipv6: fixed a memory leak in fib6rulesuppress The kernel causes a memory leak when a fib rule is present in IPv6 nftables firewall rules, and when a suppressprefix rule is present in the IPv6 routing rules used by certain tools...

CVE-2026-43024 netfilter: nf_tables: reject immediate NF_QUEUE verdict

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject immediate NFQUEUE verdict nftqueue is always used from userspace nftables to deliver the NFQUEUE verdict. Immediately emitting an NFQUEUE verdict is never used by the userspace nft tools, so reject...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007223)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007223 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv-len is a multiple of 4, then dstl...

SUSE-SU-2026:21099-1 Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...