Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net/tls: fix slab-out-of-bounds bug in decryptinternal The memory size of tlsctx-rx.iv for AES128-CCM is 12 setting in tlssetswoffload. The return value of cryptoaeadivsize for "ccmaes" is 16. So memcpy require 16 bytes from 12...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: NSh: The skb-protocol,data,macheader field for the outer header in nshgsosegment was restored. syzbot triggered various errors by sending a crafted GSO packet using the protocol VIRTIONETHDRGSOUDP, which includes the following...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fixed a percpu memory leak in nftablesaddchain. It seems that the percpu memory issue related to chain statistics began to occur after the commit 3bc158f8d0330f0a “netfilter: nftables: mapping basechain...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In a rather strange API design decision, qdisc-destroy is called even if qdisc-init never succeeded. This behavior occurs not only since the commit 87b60cfacf9f...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fixed an issue where possible invalid rdp's-nocbcbkthread pointers could be accessed. During the preparation phase of CPU online operations, if the rdp's-nocbcbkthread does not exist, it will be created. However, there ...

Astra Linux - уязвимость в linux, linux-5.10

The file net/netfilter/nfdupnetdev.c in the Linux kernel versions 5.4 through 5.6.10 allows local users to gain privileges due to a heap-out-of-bounds write. This issue is related to the nftablesoffload mechanism...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udpgrocomplete function assumes that all packets inserted into the receive queue have the encapsulation flag set to zero. However, this assumption is not true. Some hardware Network Interfac...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: netfs: The “copy-to-cache” mechanism has been fixed so that it performs collection using Ceph+FSCache. The “copy-to-cache” mechanism used by Ceph with local caching creates a new request to write data that was just read from the...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use the correct macoffset to unwind gsoskb in nshgsosegment As shown in the call trace, the skbpanic error occurred due to an incorrect skb-macheader value in nshgsoSegment. Invalid opcode: 0000 1 PREEMPT SMP KASAN PTI...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtw89 – fw: scan offload prohibit all 6 GHz channels if no 6 GHz sband exists. We have certain policies via the BIOS that prevent the use of 6 GHz frequencies. In this case, the 6 GHz sband parameter will be set to NULL, ev...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fixed by using eswitch mapping in nic mode The cited patch uses the eswitch object mapping pool when in nic mode, where it is not initialized. This results in the trace below 0. The fix involves using either the ni...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net: gso: Fixed a panic that occurred when using a fraglist with mixed head allocation types. Since the commit 3dcbdb134f32 “net: gso: Fixed an error in skbsegment when splitting a gsosize mangled skb having linear-headed...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Bridge: switchdev: Fixed memory leaks when changing the VLAN protocol The bridge driver can offload VLANs to the underlying hardware either via switchdev or via the 8021q driver. When the former is used, the VLAN is marked in the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: netsched: schsfq: fixed a potential crash when handling gsoskb. SFQ assumes that at least one packet can always be queued. However, after the problematic commit, sch-q.len can be inflated by packets in sch-gsoskb. An enqueue...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: wifi: rtw89: wow: fixed the GTK offload H2C skbuff issue We mistakenly considered skb to be too large, which might have exceeded skb-end. Therefore, we have corrected this issue. skbuff: skboverpanic: text:ffffffffc09e9a9d...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ixgbevf: Fixed compatibility issues with the mailbox API by negotiating supported features. There was backward compatibility regarding the mailbox API. Various drivers from different operating systems that support 10G adapters...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021615)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021615 advisory. In the Linux kernel, the following vulnerability has been resolved: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data In case the non-paged data...

CLSA-2026-1778896895 kernel: Fix of 2 CVEs

ptrace: require CAPSYSPTRACE when task has no mm - net: udpoffload: propagate SKBFLSHAREDFRAG in skbgroreceivelist CVE-2026-46300 - can: raw: fix ro-uniq use-after-free in rawrcv CVE-2026-31532...

CLSA-2026-1778867412 kernel: Fix of CVE-2026-46300

net: skbuff: propagate shared-frag marker through skbgroreceive + skbshift CVE-2026-46300 - Revert "net: gro: propagate SKBFLSHAREDFRAG through skbgroreceive"...

CVE-2026-43329

A flaw was found in the Netfilter flowtable component of the Linux kernel. This vulnerability occurs because the system does not strictly check the maximum number of hardware offload actions for IPv6, allowing it to process more actions than supported. This could potentially lead to system...