835 matches found
kernel: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange [email protected] says: The vulnerability is a race condition between etsqdiscdequeue and etsqdiscchange. It leads to UAF on stru...
kernel: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange [email protected] says: The vulnerability is a race condition between etsqdiscdequeue and etsqdiscchange. It leads to UAF on stru...
kernel: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange [email protected] says: The vulnerability is a race condition between etsqdiscdequeue and etsqdiscchange. It leads to UAF on stru...
The vulnerability of the ets_qdisc_change() function in the net/sched/sch_ets.c module of the network/sched/sch_ets.c subsystem of the Linux operating system’s networking subsystem allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the etsqdiscchange function in the net/sched/schets.c file, within the network scheduling subsystem of the Linux kernel, relates to operations involving resources after their expiration. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
SUSE CVE-2026-53091
In the Linux kernel, the following vulnerability has been resolved: net: pull headers in qdiscpktlensegsinit Most ndostartxmit methods expects headers of gso packets to be already in skb-head. net/core/tso.c users are particularly at risk, because tsobuildhdr does a memcpyhdr, skb-data, hdrlen;...
Linux Distros Unpatched Vulnerability : CVE-2026-53079
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netsched: fix skb memory leak in deferred qdisc drops When the network stack cleans up the deferred list via qdiscrunend, it operates on the root qdisc. If the...
CVE-2026-53079
In the Linux kernel, the following vulnerability has been resolved: netsched: fix skb memory leak in deferred qdisc drops When the network stack cleans up the deferred list via qdiscrunend, it operates on the root qdisc. If the root qdisc do not implement the TCQFDEQUEUEDROPS flag the packets que...
CVE-2026-52997
In the Linux kernel, the following vulnerability has been resolved: net/sched: schdualpi2: drain both C-queue and L-queue in dualpi2change Fix dualpi2change to correctly enforce updated limit and memlimit values after a configuration change of the dualpi2 qdisc. Before this patch, dualpi2change...
CVE-2026-53091
The CVE-2026-53091 issue concerns the Linux kernel’s handling of GSO packet headers during qdisc_pkt_len_segs_init(). The root cause is that many ndo_start_xmit() paths assume headers are already in skb->head, while tso_build_hdr() may copy from skb->data, and qdisc_pkt_len_segs_init() diss...
CVE-2026-53091 net: pull headers in qdisc_pkt_len_segs_init()
In the Linux kernel, the following vulnerability has been resolved: net: pull headers in qdiscpktlensegsinit Most ndostartxmit methods expects headers of gso packets to be already in skb-head. net/core/tso.c users are particularly at risk, because tsobuildhdr does a memcpyhdr, skb-data, hdrlen;...
EUVD-2026-38959
In the Linux kernel, the following vulnerability has been resolved: net: pull headers in qdiscpktlensegsinit Most ndostartxmit methods expects headers of gso packets to be already in skb-head. net/core/tso.c users are particularly at risk, because tsobuildhdr does a memcpyhdr, skb-data, hdrlen;...
CVE-2026-53079
CVE-2026-53079 concerns the Linux kernel net_sched subsystem. The issue is a memory leak in skb handling during deferred qdisc drops: when qdisc_run_end cleans the deferred list it operates on the root qdisc, and if the root does not implement the TCQ_F_DEQUEUE_DROPS flag, packets queued to free ...
EUVD-2026-38947
In the Linux kernel, the following vulnerability has been resolved: netsched: fix skb memory leak in deferred qdisc drops When the network stack cleans up the deferred list via qdiscrunend, it operates on the root qdisc. If the root qdisc do not implement the TCQFDEQUEUEDROPS flag the packets que...
CVE-2026-53079 net_sched: fix skb memory leak in deferred qdisc drops
In the Linux kernel, the following vulnerability has been resolved: netsched: fix skb memory leak in deferred qdisc drops When the network stack cleans up the deferred list via qdiscrunend, it operates on the root qdisc. If the root qdisc do not implement the TCQFDEQUEUEDROPS flag the packets que...
CVE-2026-52997
The CVE-2026-52997 issue affects the Linux kernel’s net/sched sch_dualpi2 qdisc. The root cause was that dualpi2_change() could attempt to dequeue from the C-queue even when it was empty while packets resided in the L-queue, leading to a NULL skb dereference during limit/memlimit enforcement. The...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove the class from the active list before deleting it in etsqdiscchange. The vulnerability is a race condition between etsqdiscdequeue and etsqdiscchange. This causes a Use-After-Freeze UAF error on the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Remove a drr class from the active list if it changes to strict. Whenever a user issues a ets qdisc change command, transforming a drr class into a strict one, the ets code does not check whether that class was in...
PT-2026-51985
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the handling of Generic Segmentation Offload GSO packet headers. The qdisc pkt len segs init function fails to properly pull headers into the expected memory location,...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: It is enforced that teql can only be used as a root qdisc. The design intent of teql is that it is only supposed to be used as a root qdisc. Therefore, we need to ensure this constraint is respected. Although not very...
Siemens RUGGEDCOM RST2428P NULL Pointer Dereference (CVE-2026-22976)
In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...