1221 matches found
kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs
A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...
kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs
A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...
kernel: netfilter: flowtable: strictly check for maximum number of actions
A flaw was found in the Netfilter flowtable component of the Linux kernel. This vulnerability occurs because the system does not strictly check the maximum number of hardware offload actions for IPv6, allowing it to process more actions than supported. This could potentially lead to system...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the net: libwx section, the Rx ring descriptor is properly reset after a device reset. When a device reset is triggered due to changes in features, such as toggling Rx VLAN settings, wx-doreset is called to reinitialize the Rx...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: gso: Fixed a panic that occurred when using a fraglist with mixed head allocation types. Since the commit 3dcbdb134f32 “net: gso: Fixed an error in skbsegment when splitting a gsosize mangled skb having linear-headed...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Bridge: switchdev: Fixed memory leaks when changing the VLAN protocol The bridge driver can offload VLANs to the underlying hardware either via switchdev or the 8021q driver. When the former is used, the VLAN is marked in the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fixed a percpu memory leak in nftablesaddchain. It seems that the percpu memory issue related to chain statistics began to occur after the commit 3bc158f8d0330f0a “netfilter: nftables: mapping basechain...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftflowoffload: resetting dst in the route object after setting up a flow. The dst field is now transferred to the flow object, and the route object no longer owns it. Resetting dst in the route object is necessary;...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: nsh: Added restoration of skb-protocol, data, macheader for the outer header in nshgsosegment. The syzbot exploited various vulnerabilities by using a crafted GSO packet for VIRTIONETHDRGSOUDP that included the following...
WordPress Offload, AI & Optimize with Cloudflare Images plugin <= 1.10.2 - Authenticated (Author+) Remote Code Execution vulnerability
Authenticated Author+ Remote Code Execution vulnerability discovered by Yat in WordPress Plugin Offload, AI & Optimize with Cloudflare Images versions = 1.10.2...
kernel: netfilter: flowtable: strictly check for maximum number of actions
A flaw was found in the Netfilter flowtable component of the Linux kernel. This vulnerability occurs because the system does not strictly check the maximum number of hardware offload actions for IPv6, allowing it to process more actions than supported. This could potentially lead to system...
kernel: netfilter: flowtable: strictly check for maximum number of actions
A flaw was found in the Netfilter flowtable component of the Linux kernel. This vulnerability occurs because the system does not strictly check the maximum number of hardware offload actions for IPv6, allowing it to process more actions than supported. This could potentially lead to system...
SUSE CVE-2026-46323
In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...
CVE-2026-46323
A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...
CVE-2026-46323
In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...
UBUNTU-CVE-2026-46323
In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...
EUVD-2026-35413
In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...
CVE-2026-46323
CVE-2026-46323 affects the Linux kernel’s networking GRO path. The issue occurs in skb_gro_receive() where fragments can be copied between the source and GRO skbs without respecting zerocopy status, notably when SKBFL_MANAGED_FRAG_REFS is set. When this flag is present, pages in shinfo->frags ...
PT-2026-47760
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The skb gro receive function fails to check the zerocopy status, specifically the SKBFL MANAGED FRAG REFS flag, when copying fragments between the source and Generic Receive Offload GRO...
ibmveth: Disable GSO for packets with small MSS
...