CVE-2025-39770

CVE-2025-39770 affects the Linux kernel’s GSO/TSO handling for IPv6. When performing GSO on IPv6 packets with extension headers, the kernel may request checksum offload even though the egress device only advertises NETIF_F_IPV6_CSUM, which explicitly does not support offloading for packets with e...

CVE-2025-39770 net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM

In the Linux kernel, the following vulnerability has been resolved: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6CSUM When performing Generic Segmentation Offload GSO on an IPv6 packet that contains extension headers, the kernel incorrectly requests checksum offload if the...

CVE-2025-39770 net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM

In the Linux kernel, the following vulnerability has been resolved: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6CSUM When performing Generic Segmentation Offload GSO on an IPv6 packet that contains extension headers, the kernel incorrectly requests checksum offload if the...

kernel: netfilter: flowtable: fix stuck flows on cleanup due to pending work

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following sequence normally happens in order: 1 gcstep work is stopped to disable any further stats/del requests...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from mishandling of errors in complex rule re-hashing in the net/mlx5 HWS component, which could lead to soft lockups...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the GSO stack not properly disabling IPv6 checksum offloading, which could lead to unsupported device...

PT-2025-37226

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw in the net/mlx5 module related to handling complex rules rehash errors. Specifically, the error flow when moving rules between matchers could lead to...

sctp: linearize cloned gso packets in sctp_rcv

...

CVE-2025-38718 sctp: linearize cloned gso packets in sctp_rcv

In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctprcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uninitialized-memory bugs...

net/sched: flower: Fix chain template offload

...

net: bridge: switchdev: Skip MDB replays of deferred events on offload

...

netfilter: flowtable_offload: fix using __this_cpu_add in preemptible

...

CVE-2025-38622

In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udprcvsegment When sending a packet with virtionethdr to tun device, if the gsotype in virtionethdr is SKBGSOUDP and the gsosize is less than udphdr size, below crash may happen. ------------ cut here...

DEBIAN-CVE-2025-38622

In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udprcvsegment When sending a packet with virtionethdr to tun device, if the gsotype in virtionethdr is SKBGSOUDP and the gsosize is less than udphdr size, below crash may happen. ------------ cut here...

CVE-2025-38622

In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udprcvsegment When sending a packet with virtionethdr to tun device, if the gsotype in virtionethdr is SKBGSOUDP and the gsosize is less than udphdr size, below crash may happen. ------------ cut here...

CVE-2025-38622 net: drop UFO packets in udp_rcv_segment()

In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udprcvsegment When sending a packet with virtionethdr to tun device, if the gsotype in virtionethdr is SKBGSOUDP and the gsosize is less than udphdr size, below crash may happen. ------------ cut here...

CVE-2025-38622

CVE-2025-38622 — Linux kernel UDP/GSO issue : The vulnerability occurs in the UDP receive path when a packet with virtio_net_hdr using SKB_GSO_UDP and a gso_size smaller than the UDP header can trigger a crash in skb_pull_rcsum, leading to a kernel BUG in net/core/skbuff.c and a local attacker ma...

CVE-2025-38622 net: drop UFO packets in udp_rcv_segment()

In the Linux kernel, the following vulnerability has been resolved: net: drop UFO packets in udprcvsegment When sending a packet with virtionethdr to tun device, if the gsotype in virtionethdr is SKBGSOUDP and the gsosize is less than udphdr size, below crash may happen. ------------ cut here...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from udprcvsegment not handling UFO packets correctly, which could cause the kernel to crash...

AZL-73854 CVE-2025-38572 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6gsosegment syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb-transportheader. This 16bit field has a limited range. Add...