kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit

In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit The following setup can trigger a WARNING in htbactivate due to the condition: !cl-leaf.q-q.qlen tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb...

EUVD-2026-34128

In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTORAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTORAW 255 was dangerous. socketAFINET, SOCKRAW, 255; A malicious incoming ICMP packet can set the...

kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit

In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit The following setup can trigger a WARNING in htbactivate due to the condition: !cl-leaf.q-q.qlen tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb...

EUVD-2026-32170

In the Linux kernel, the following vulnerability has been resolved: netfilter: arptables: fix IEEE1394 ARP payload parsing Weiming Shi says: "arppacketmatch unconditionally parses the ARP payload assuming two hardware addresses are present source and target. However, IPv4-over-IEEE1394 ARP RFC 27...

CVE-2026-45844

CVE-2026-45844 affects the Linux kernel netfilter arp_tables by fixing IEEE1394 ARP payload parsing. The issue stemmed from arp_packet_match() assuming both source and target hardware addresses exist, causing it to read garbage on IEEE1394 (IPv4-over-IEEE1394, RFC 2734). The patch aligns arp_pack...

kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit

In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit The following setup can trigger a WARNING in htbactivate due to the condition: !cl-leaf.q-q.qlen tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed the response length checking for UD request packets. According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be considered invalid, and it shall be silently...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl818x: rtl8187: Fixed a potential buffer underflow in rtl8187rxcb. The rtl8187rxcb function calculates the RX descriptor header address by subtracting its size from the skbtailptr. However, it does not validate whether th...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net:bcmgenet: Added a check for oversized packets. Occasionally, we may receive oversized packets from the hardware that exceed the maximum buffer size of 2 KiB allocated for SKBs. A proactive check is added to discard such...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Added parameter validation for packet data. Syzbot reported a bug involving uninitialized values in nciinitreq. This bug was introduced through the commit 5aca7966d2a7 “Merge tag...

EUVD-2026-27571

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

CVE-2026-43080

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

CVE-2026-43060

The CVE-2026-43060 issue affects the Linux kernel netfilter component (nft_ct). When the nft_ct module is removed, packets enqueued in nfqueue may retain stale references to conntrack zone templates or timeout policies, risking instability or DoS. The root cause is references that can outlive the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nfqueue: fixed a possible use-after-free issue Eric Dumazet says: The sockhold function seems suspicious, because there is no guarantee that skrefcnt is not already 0. In case of failure, we cannot queue the packet...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit The following setup can trigger a WARNING in htbactivate due to the condition: !cl-leaf.q-q.qlen tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed an issue where incomplete state saving occurred in rxerequester. If a send packet is dropped by the IP layer in rxerequester, the call to rxexmitpacket may fail with an error code of -EAGAIN. To recover from this...

kernel: RDMA/rxe: Fix incomplete state save in rxe_requester

An incorrect state restoration flaw was found in the Linux kernel's RDMA rxe soft-RoCE driver in the requester packet transmission logic. A local user with access to RDMA devices can trigger this issue when network layer packet drops occur during RDMA send operations, causing the work queue eleme...

CVE-2026-31684

In the Linux kernel, the following vulnerability has been resolved: net: sched: actcsum: validate nested VLAN headers tcfcsumact walks nested VLAN headers directly from skb-data when an skb still carries in-payload VLAN tags. The current code reads vlan-hvlanencapsulatedproto and then pulls...

SUSE CVE-2026-31552

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom Since upstream commit e75665dd0968 "wifi: wlcore: ensure skb headroom before skbpush", wl1271txallocate and with it wl1271preparetxframe returns...

PT-2026-35144

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the tcf csum act function where nested VLAN headers are processed directly from skb-data when a socket buffer still contains in-payload VLAN tags. The system reads vlan-...