Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ipvlan: Do not use skb-sk in ipvlanprocessv4,6outbound Raw packets from the PFPACKET socket on an IPv6-backed ipvlan device will trigger a WARNONONCE call in skmcloop, through the schdirectxmit path. Warning: CPU: 2 PID: 0 at...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKET...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the...

CVE-2026-31700

A flaw was found in the Linux kernel. A Time-of-check to Time-of-use TOCTOU race condition exists in the tpacketsnd function when PACKETVNETHDR is enabled. A local user can exploit this by modifying the vnethdr fields in the mmap'd TX ring buffer between validation and use, thereby bypassing safe...

CVE-2026-43036

A flaw was found in the Linux kernel's networking subsystem. An attacker injecting specially crafted packets through PFPACKET paths could trigger an uninitialized value read when processing TCPv4 Generic Segmentation Offload GSO packets. This vulnerability, specifically in the gsofeaturescheck...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013791)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013791 advisory. In the Linux kernel, the following vulnerability has been resolved: can: hi311x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypa...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010853)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010853 advisory. In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002613 advisory. In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanoutadd from setsockopt and bind on an AFPACKET socket. This issue...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003320)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003320 advisory. In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanoutadd from setsockopt and bind on an AFPACKET socket. This issue...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992670)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992670 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-sk in ipvlanprocessv4,6outbound Raw packet from PFPACKET socket ontop of an...

Linux Distros Unpatched Vulnerability : CVE-2025-39987

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: hi311x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit...

CVE-2025-39988

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the...

CVE-2025-39987

In the Linux kernel, the following vulnerability has been resolved: can: hi311x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKET...

CVE-2025-39986

In the Linux kernel, the following vulnerability has been resolved: can: sun4ican: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACK...

CVE-2025-39985

In the Linux kernel, the following vulnerability has been resolved: can: mcbausb: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACKE...

CVE-2025-39988

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the...

UBUNTU-CVE-2025-39986

In the Linux kernel, the following vulnerability has been resolved: can: sun4ican: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the PFPACK...

CVE-2025-39988 can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit function of a CAN driver. The only check which is performed by the...

CVE-2025-39986

CVE-2025-39986 affects the Linux kernel sun4i_can CAN driver. Root cause: sun4i_can did not populate net_device_ops->ndo_change_mtu(), allowing an attacker to set an invalid MTU (e.g., 9999) via ip link and then use PF_PACKET with ETH_P_CANXL to inject frames. The PF_PACKET path only checks sk...