159 matches found
Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfsetpipapo: Fix for the initial map filling issue. The initial buffer must be initialized to “all-ones”, but this must be limited to the size of the first field, not the total field size. After each round of the map...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: The backend for setting up DEAD bits was changed to use the GC transaction API. The old and buggy gc API and the busy mark approach have been replaced with the GC transaction API. No set elements are remov...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: walking over the current view in netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on this mechanism to infer which view o...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Rejects combinations where the sum of the field lengths matches the set key length. The description of the field length indicates the length of each separate key field. Each field is rounded up to 32 bits...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: do not free live element Pablo reported a crash when processing large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: addelem"00000000" timeout 100 ms ... addelem"0000000X"...
SUSE CVE-2026-43453
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...
CVE-2026-43453
A flaw was found in the Linux kernel's netfilter component, specifically within the nftsetpipapo module. The pipapodrop function performs a stack out-of-bounds read. This occurs when an argument is evaluated at the call site before the function body executes, leading to a read beyond the allocate...
EUVD-2026-28759
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...
CVE-2026-43453
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...
CVE-2026-43453
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...
UBUNTU-CVE-2026-43453
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...
CVE-2026-43453 netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...
CVE-2026-43453
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...
CVE-2026-43453
CVE-2026-43453 is a Linux kernel issue in the netfilter nft_set_pipapo path. The bug is a stack out-of-bounds read in pipapo_drop(), where rulemap[i+1].n is passed to pipapo_unmap() on every iteration, including the last when i == m->field_count-1. This reads past the end of the stack-allocate...
CVE-2026-43453
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...
Linux Distros Unpatched Vulnerability : CVE-2026-43453
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration,...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the pipapo Drop function in the netfilter nftsetpipapo component. During each iteration, the rulemapi+1...
PT-2026-39114
Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.10 through 6.19 Description A stack out-of-bounds read exists in the nftables pipapo set backend within the pipapo drop function. The issue occurs because the function passes rulemapi + 1.n to pipapo unmap as the to...
EUVD-2026-27637
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapoavx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching functions are used. The test first loads a ranomly generated pipapo set with 'ipv4 . port' key, i.e. nft -...
CVE-2026-43114
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapoavx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching functions are used. The test first loads a ranomly generated pipapo set with 'ipv4 . port' key, i.e. nft -...