Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Net: Reenabling NETIFFIPV6CSUM offloading for BIG TCP packets The problematic commit disabled the hardware offloading of IPv6 packets with extension headers on devices that advertise NETIFFIPV6CSUM. This was based on the definiti...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bonding: Fix for xfrm realdev null pointer dereference We should not set realdev to NULL, because packets may still be in transit, and xfrm might call xdodevoffloadok in parallel. All callbacks assume that realdev is set. Example...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix the crash caused by the LAG state check. When removing a LAG device from a bridge, the NETDEVCHANGEUPPER event is triggered. The driver determines which lower devices need to flush all offloaded entries. If one of t...

Astra Linux - уязвимость в linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain templates offload When a qdisc is deleted from a net device, the stack instructs the underlying driver to remove its flow offload callback from the associated filter block using the ‘FLOWBLOCKUNBIND’...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanreadfifo,echotxevent: The shift timestamp is now set to 32 bits. In commit 1be37d3b0414 “can: mcan: fix periph RX path: use rx-offload to ensure that packets are sent from the softirq context”, the RX path for...

CVE-2026-43036

A flaw was found in the Linux kernel's networking subsystem. An attacker injecting specially crafted packets through PFPACKET paths could trigger an uninitialized value read when processing TCPv4 Generic Segmentation Offload GSO packets. This vulnerability, specifically in the gsofeaturescheck...

CVE-2026-43036

In the Linux kernel, the following vulnerability has been resolved: net: use skbheaderpointer for TCPv4 GSO fragoff check Syzbot reported a KMSAN uninit-value warning in gsofeaturescheck called from netifskbfeatures 1. gsofeaturescheck reads iph-fragoff to decide whether to clear mangleidfeatures...

CVE-2026-43057

In the Linux kernel, the following vulnerability has been resolved: net: correctly handle tunneled traffic on IPV6CSUM GSO fallback NETIFFIPV6CSUM only advertises support for checksum offload of packets without IPv6 extension headers. Packets with extension headers must fall back onto software...

CVE-2026-43057

CVE-2026-43057 concerns the Linux kernel networking stack. The issue arises in how IPv6 traffic with extension headers or with no inner IP protocol is processed when using IPV6_CSUM GSO fallback. The fix, described in the CVE entry and corroborated by Debian/Red Hat advisories, changes the fallba...

CVE-2026-43057 net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback

In the Linux kernel, the following vulnerability has been resolved: net: correctly handle tunneled traffic on IPV6CSUM GSO fallback NETIFFIPV6CSUM only advertises support for checksum offload of packets without IPv6 extension headers. Packets with extension headers must fall back onto software...

CVE-2026-43057

In the Linux kernel, the following vulnerability has been resolved: net: correctly handle tunneled traffic on IPV6CSUM GSO fallback NETIFFIPV6CSUM only advertises support for checksum offload of packets without IPv6 extension headers. Packets with extension headers must fall back onto software...

PT-2026-36474

In the Linux kernel, the following vulnerability has been resolved: net: correctly handle tunneled traffic on IPV6 CSUM GSO fallback NETIF F IPV6 CSUM only advertises support for checksum offload of packets without IPv6 extension headers. Packets with extension headers must fall back onto softwar...

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014322)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014322 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's...

SUSE CVE-2026-31518

In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp and async crypto When the TX queue for espintcp is full, espoutputtailtcp will return an error and not free the skb, because with synchronous crypto, the common xfrm output code will drop the packe...

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-011338)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011338 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013327)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013327 advisory. In the Linux kernel, the following vulnerability has been resolved: net: do not allow gsosize to be set to GSOBYFRAGS One missing check in virtionethdrtoskb allowed...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007254)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007254 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spinlockbh while releasing resources after upload The session resources are...

Linux Distros Unpatched Vulnerability : CVE-2026-23441

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Prevent concurrent access to IPSec ASO context The query or updating IPSec offload object is through Access ASO WQE. The driver uses a single...

SUSE CVE-2026-23441

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent concurrent access to IPSec ASO context The query or updating IPSec offload object is through Access ASO WQE. The driver uses a single mlx5eipsecaso struct for each PF, which contains a shared DMA-mapped context...

EUVD-2026-18682

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent concurrent access to IPSec ASO context The query or updating IPSec offload object is through Access ASO WQE. The driver uses a single mlx5eipsecaso struct for each PF, which contains a shared DMA-mapped context...