SUSE CVE-2026-46273

In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stoppi...

CVE-2026-46273

A flaw was found in the Linux kernel's ibmveth driver. This vulnerability occurs when physical adapters on Power systems attempt to perform Generic Segmentation Offload GSO with a Maximum Segment Size MSS less than 224 bytes. A remote attacker could exploit this by sending specially crafted netwo...

CVE-2026-46273

In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stoppi...

CVE-2026-46273 ibmveth: Disable GSO for packets with small MSS

In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stoppi...

CVE-2026-46273

CVE-2026-46273 affects the Linux kernel driver for Power systems’ ibmveth. The vulnerability arises when hardware offloads GSO for small MSS values, which can cause a physical adapter to freeze under certain segmentation-offload (GSO) conditions (gso_segs > 1). The fix introduces an ndo_featur...

EUVD-2026-34138

In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stoppi...

CVE-2026-46273

In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stoppi...

kernel: rcu/nocb: Fix missed RCU barrier on deoffloading

In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix missed RCU barrier on deoffloading Currently, running rcutorture test with torturetype=rcu fwdprogress=8 nbarriercbs=8 nocbsnthreads=8 nocbstoggle=100 onoffinterval=60 testboost=2, will trigger the following warning...

PT-2026-43726

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink queue: do shared-unconfirmed check before segmentation Ulrich reports a regression with nfqueue: If an application did not set the 'F GSO' capability flag and a gso packet with an unconfirmed nf conn entry is...

Securing High-Performance Data Transfers: Implementing AES Encryption in RDMA Systems

Remote Direct Memory Access RDMA is a key enabler of high-performance systems, offering low latency, high throughput, and reduced CPU overhead by allowing direct memory-to-memory transfers between machines. However, its design bypasses traditional CPU-mediated security mechanisms, introducing...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed the inversion dependency warning when enabling IPsec tunnel. Attempts to enable IPsec packet offloading in tunnel mode in the debug kernel generate the following kernel panic, due to two issues: 1. In the SA a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: libwx: properly resets the Rx ring descriptor When a device reset is triggered due to feature changes, such as toggling Rx VLAN, the function wx-doreset is called to reinitialize the Rx rings. The hardware descriptor ring ma...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftflowoffload: Release dst in case direct xmit path is used Direct xmit does not use dst because it calls devqueuexmit to send packets; therefore, it calls dstrelease. kmemleak reports: Unreferenced object:...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: skbuff: Account for tail adjustment during pull operations Extending the tail of a packet may have some unexpected side effects if a program uses a helper function like BPFFUNCskbpulldata to read partial content beyond the headle...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsapi: remove blockcb from driverlist before freeing The error handler of tcfblockBind frees the entire bo-cblist when an error occurs. However, by that time, the flowblockCB instances are already in the driverlist...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: mt7921: Resource leaks in mt7921checkoffloadcapability A coverage issue related to resource leaks was fixed in the function mt7921checkoffloadcapability. The variable “fw” goes out of scope, causing a leak in the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net/tls: fix slab-out-of-bounds bug in decryptinternal The memory size of tlsctx-rx.iv for AES128-CCM is 12 setting in tlssetswoffload. The return value of cryptoaeadivsize for "ccmaes" is 16. So memcpy require 16 bytes from 12...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftflowoffload: resetting dst in the route object after setting up a flow. The dst field is now transferred to the flow object, and the route object no longer owns it. Resetting dst in the route object is necessary;...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In a rather strange API design decision, qdisc-destroy is called even if qdisc-init never succeeded. This behavior occurs not only since the commit 87b60cfacf9f...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fixed a percpu memory leak in nftablesaddchain. It seems that the percpu memory issue related to chain statistics began to occur after the commit 3bc158f8d0330f0a “netfilter: nftables: mapping basechain...