1190 matches found
PT-2026-38980
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4 payload actions, 2 for each ethernet address SNAT 4 payload actions DNAT ...
SUSE-SU-2026:1725-1 Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise kernel 6.4.0-150700.51 fixes various security issues The following security issues were fixed: - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size bsc1258073. - CVE-2025-39977: futex: Prevent use-after-free during...
CVE-2026-43194
A flaw was found in the Linux kernel's networking subsystem. Specifically, the kernel incorrectly processes transmit errors for Generic Segmentation Offload GSO frames. When a single segment within a GSO frame is lost, the system may misinterpret this as a complete loss of the entire frame. This...
EUVD-2026-27728
In the Linux kernel, the following vulnerability has been resolved: xfrm: always flush state and policy upon NETDEVUNREGISTER event syzbot is reporting that "struct xfrmstate" refcount is leaking. unregisternetdevice: waiting for netdevsim0 to become free. Usage count = 2 reftracker:...
CVE-2026-43167 xfrm: always flush state and policy upon NETDEV_UNREGISTER event
In the Linux kernel, the following vulnerability has been resolved: xfrm: always flush state and policy upon NETDEVUNREGISTER event syzbot is reporting that "struct xfrmstate" refcount is leaking. unregisternetdevice: waiting for netdevsim0 to become free. Usage count = 2 reftracker:...
SUSE CVE-2026-43036
In the Linux kernel, the following vulnerability has been resolved: net: use skbheaderpointer for TCPv4 GSO fragoff check Syzbot reported a KMSAN uninit-value warning in gsofeaturescheck called from netifskbfeatures 1. gsofeaturescheck reads iph-fragoff to decide whether to clear mangleidfeatures...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from incorrect handling of GSO frame errors in networking protocols, potentially leading to connection...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: ensure offloading TID queue exists The resume code path assumes that the TX queue for the offloading TID has been configured. At resume time it then tries to sync the write pointer as it may have been updated ...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove the spinlockbh operation when releasing resources after uploading. Session resources are used by the firmware and driver when the session is offloaded. Once the session is uploaded, these resources are no...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: macsec: Fixed a use-after-free issue during the sending of the offloading packet. KASAN reports the following UAF Use-after-Free issue: The metadatadst parameter, which is used to store the SCI value for macsec offloading, is...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix gtk offload status event locking The ath11k active pdevs are protected by RCU but the gtk offload status event handling code calling ath11kmacgetarvifbyvdevid was not marked as a read-side critical section. Mark...
Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: lan743x: Fixed the memory leak issue when GSO is enabled. The skb has always been mapped to the LS descriptor. Previously, the skb was mapped to the EXT descriptor when the number of fragments was zero and GSO was enabled...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: do not update checksum in bnxtxdpbuildskb The bnxtrxpkt function updates the ipsummed value at the end if the checksum offload is enabled. When the XDP-MB program is executed and returns XDPPASS, the bnxtxdpbuildskb...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: For GRE packets, tunnelcsumstart is used instead of the transport header. For GRE packets with TUNNELCSUM, local checksum offloading is applied to CHECKSUMPARTIAL packets. The ipGRExmit function must validate csumstart after an...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: xsk: Avoid data corruption on cq descriptor numbers. Since commit 30f241fcf52a “xsk: Fix immature cq descriptor production”, the descriptor number is stored in the skb control block. The xskcqsubmitaddrlocked function relies on...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Net: libwx: fixed the Tx L4 checksum. The hardware only supports L4 checksum offloading for TCP/UDP/SCTP protocols. There was a bug in setting the Tx checksum flag for other protocols, which resulted in a Tx ring hang. This issue...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, generation of the list of MDB events to replay would race against the creation of new group memberships, either from the IGMP/MLD snooping...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Bonding: Fix for null pointer dereference in bondipsecoffloadok We must check whether there is an active slave before dereferencing the pointer...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumrouter: Fixed a use-after-free issue when deleting GRE network devices. The driver only offloads neighbors that are created on top of network devices registered by it or their superiors which are all Ethernet...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevents concurrent access to the IPSec ASO context. The querying or updating of IPSec offload objects occurs through the Access ASO WQE. The driver uses a single mlx5eipsecaso structure for each PF, which contains a...