818 matches found
EUVD-2026-38959
In the Linux kernel, the following vulnerability has been resolved: net: pull headers in qdiscpktlensegsinit Most ndostartxmit methods expects headers of gso packets to be already in skb-head. net/core/tso.c users are particularly at risk, because tsobuildhdr does a memcpyhdr, skb-data, hdrlen;...
EUVD-2026-38947
In the Linux kernel, the following vulnerability has been resolved: netsched: fix skb memory leak in deferred qdisc drops When the network stack cleans up the deferred list via qdiscrunend, it operates on the root qdisc. If the root qdisc do not implement the TCQFDEQUEUEDROPS flag the packets que...
CVE-2026-52997
The CVE-2026-52997 entry documents a Linux kernel net/sched vulnerability in sch_dualpi2 (dualpi2_change) where the code could dereference a NULL skb when switching backlog/memlimit if packets were queued in the L-queue while the C-queue was empty. The fix enforces correct queue draining by: (1) ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/sched: It has been ensured that teql can only be used as a root qdisc. The design intention of teql is that it should only be used as a root qdisc. Therefore, we need to ensure this constraint is respected. Although not very...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: ioam6: fix OOB and missing lock issues When trace-type.bit6 is set: if trace-type.bit6 ... queue = skbgettxqueuedev, skb; qdisc = rcudereferencequeue-qdisc; This code can lead to an out-of-bounds access of the dev-tx array...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net/sched: fixed the lockdep issue in qdisctreereducebacklog The qdisctreereducebacklog function is called with the qdisc lock held, not RTNL. We must use qdisclookuprcu instead of qdisclookup. syzbot reported: WARNING:...
Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: netsched: ets: A double addition of the classifier was corrected in the class, where netem is a child qdisc. As described in Gerrard’s report 1, there are use cases where a netem child qdisc can make the enqueue callback of the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/sched: schets: do not peek at classes beyond ‘nbands’ When the number of DRR classes decreases, the round-robin active list may contain elements that have already been freed in etsqdiscchange. As a result, it’s possible to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort tcmodifyqdisc if parent class does not exist Lion’s patch 1 uncovered an ancient bug in the qdisc API. Whenever a user creates or modifies a qdisc with another qdisc as its parent, the qdisc API will detect that...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisctreereducebacklog on TCHROOT In qdisctreereducebacklog, Qdiscs with the major handle ffff: are assumed to be either root or ingress. This assumption is incorrect, as it is possible to create egress Qdiscs wit...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In a rather strange API design decision, qdisc-destroy is called even if qdisc-init never succeeded. This isn’t exclusive to the commit 87b60cfacf9f “netsched:...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: schcake: A out-of-bounds access issue was fixed during the parsing of TCP options and headers. The TCP option parser in cake qdisc cakegettcpopt and caketcphmaydrop could read one byte out of bounds. When the length of the data...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: sched: sfb: Fixed an issue where a null pointer access occurred when sfbinit failed. When the default qdisc is sfb, if the qdisc of devqueue fails to be initialized during mqprioinit, sfbreset is invoked to clear resource...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Remove a drr class from the active list if it changes to strict. Whenever a user issues a ets qdisc change command, transforming a drr class into a strict one, the ets code does not check whether that class was in...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: schhtb: Make htbqlennotify idempotent. htbqlennotify always disactivates the HTB class, and actually might trigger a warning if it is already disactivated. Therefore, it is not idempotent and is not friendly to its callers, like...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog. The qdisctreereducebacklog function only notifies the parent qdisc if the child qdisc becomes empty. Therefore, we need to reduce the backlog of the child qdisc before calli...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/sched: schets: do not remove idle classes from the round-robin list Shuang reported that the following scripts cause issues when executed: 1 tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when bufferlimit is set to bufferlimit. The following setup can trigger a warning in htbactivate due to the condition: !cl-leaf.q-q.qlen. Example command: bash tc qdisc del dev lo root...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netsched: ets: fix a race in etsqdiscchange Gerrard Tai reported a race condition in ETS, whenever the SFQ perturb timer fires at the wrong time. The race sequence is as follows: CPU 0 CPU 1 1: lock root 2: qdisctreeFlushBacklog ...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15, and Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netsched: drr: A double addition was corrected in the class, where netem is a child qdisc. As described in Gerrard’s report 1, there are use cases where a netem child qdisc can make the parent qdisc’s enqueue callback reentrant. ...