57 matches found
CVE-2026-53220
A flaw was found in the Linux kernel's netfilter component. A local attacker could exploit a NULL pointer dereference vulnerability in the ebtredirecttg function. This occurs when a bridge port is removed and a packet is reinjected into NFQUEUE, leading to a kernel panic and a Denial of Service D...
EUVD-2026-39311
In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A...
CVE-2026-52947
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtrportremove In qrtrportremove, the socket reference count is decremented via sockput before the port is removed from the qrtrports XArray and before the RCU grace period...
UBUNTU-CVE-2026-52925
In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netifisl3slave assume that a subsequent call to netdevmasterupperdevgetrcu will return a VRF device. They then...
EUVD-2026-38728
In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netifisl3slave assume that a subsequent call to netdevmasterupperdevgetrcu will return a VRF device. They then...
CVE-2026-52925
In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netifisl3slave assume that a subsequent call to netdevmasterupperdevgetrcu will return a VRF device. They then...
CVE-2026-52925
The CVE-2026-52925 entry relates to the Linux kernel VRF handling. The vulnerability arose from a race where an RCU reader identifying a net device as a VRF port could dereference l3mdev operations of a master device (e.g., a bridge) after netdev_master_upper_dev_get_rcu() returned it as a VRF de...
PT-2026-51841
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the qrtr port remove function where the socket reference count is decremented using sock put before the port is removed from the qrtr ports XArray and before the RCU...
PT-2026-51718
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Null Pointer Dereference NPD can occur when removing a port from a Virtual Routing and Forwarding VRF instance. RCU readers using netif is l3 slave may incorrectly assume that netdev...
Linux Distros Unpatched Vulnerability : CVE-2026-52925
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netifisl3slave assume that a subsequent ca...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rapidio: rio: Fixed a possible name leak in rioregistermport. If deviceregister returns an error, the name allocated by devsetname needs to be freed. This should be done using putdevice, so that the reference in the error path is...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fixed the race condition involving the deleteendpoint function and the unregistration of parent ports. The CXL subsystem establishes a lineage of ports struct cxlport objects between an endpoint and the root of a CXL...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Net: Bridge: mcast: Wait for previous GC cycles when removing a port The syzbot encountered a use-after-free issue1. This issue occurs because the bridge does not ensure that all previous garbage collection cycles are completed...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal Testing with KASAN and syzkaller revealed a bug in the port.c:disablestore function. The usbhubtostructhub function may return NULL if the hub to which the port belongs i...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fixed the use of memory after freeing it in scsihexpandernoderemove. The function mpt3sastransportportremove called within scsihexpandernoderemove frees the port field of the sasexpander structure. This leads to a...
Linux Distros Unpatched Vulnerability : CVE-2026-31530
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cxl/port: Fix use after free of parentport in cxldetachep cxldetachep is called during bottom-up removal when all CXL memory devices beneath a switch port have...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011261)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011261 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using iocinfo During...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013040)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013040 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing portstate and rport state nvmefcunregisterremote removes the remote...
kernel: Linux kernel:A use-after-free in bridge multicast in br_multicast_port_ctx_init
A flaw was found in the Linux kernel's bridge multicast functionality. A local user could trigger a use-after-free vulnerability, a type of memory corruption, by improperly configuring network bridge router ports. This issue arises because the system fails to correctly remove ports from its...
SUSE CVE-2026-23164
In the Linux kernel, the following vulnerability has been resolved: rocker: fix memory leak in rockerworldportpostfini In rockerworldportpreinit, rockerport-wpriv is allocated with kzallocwops-portprivsize, GFPKERNEL. However, in rockerworldportpostfini, the memory is only freed when...