PT-2026-42453

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A kernel panic can occur in the Linux kernel when a Random Early Detection RED queueing discipline qdisc has children, such as a Fair Queueing FQ qdisc, whose peek callback is qdisc peek...

SUSE-SU-2026:1770-1 Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.133 fixes various security issues The following security issues were fixed: - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size bsc1258073. - CVE-2025-71066: net/sched: ets: Always remove class...

SUSE-SU-2026:21527-1 Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues The following security issues were fixed: - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange bsc1258005. - CVE-2026-23004: dst: fix races in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ipvti: A potential issue related to slab-use-after-free has been fixed in decodesession6. When the ipvti device is set as a qdisc of the sfb type, the cb field of the sent skb may be modified during enqueueing. This can lead to a...

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014347)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014347 advisory. In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog qdisctreereducebacklog notifies parent qdi...

Linux Kernel ETS Scheduler Race Condition Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Qdisc...

SUSE SLES15 Security Update : kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1236-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1236-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.53 fixes various security issues The following security issues were fixed: -...

EUVD-2026-18698

In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teqlmasterxmit Whenever a TEQL devices has a lockless Qdisc as root, qdiscreset should be called using the seqlock to avoid racing with the datapath. Failure to do so may cause crashes like the...

PT-2026-30144

Name of the Vulnerable Software and Affected Versions Linux kernel versions 7.0.0-rc3 through 7.0.0-rc3 Description The Linux kernel contains a flaw in the TEQL Traffic Equation Queue Length scheduler. Specifically, a double-free issue exists in the teql master xmit function when a TEQL device ha...

CVE-2026-23340 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs

In the Linux kernel, the following vulnerability has been resolved: net: sched: avoid qdiscresetalltxgt vs dequeue race for lockless qdiscs When shrinking the number of real tx queues, netifsetrealnumtxqueues calls qdiscresetalltxgt to flush qdiscs for queues which will no longer be used...

Siemens SIMATIC S7-1500 Improper Input Validation(CVE-2025-38457)

In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort tcmodifyqdisc if parent class does not exist Lion's patch 1 revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, during...

CVE-2026-23105 net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag

In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...

CVE-2026-23074 net/sched: Enforce that teql can only be used as root qdisc

In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will describe the scenario th...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38107)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38107 advisory. - In the Linux kernel, the following vulnerability has been resolved: netsched: ets: fix a race in...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37797)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37797 advisory. - In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Fix a UAF vulnerability ...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38115)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38115 advisory. - In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: fix a potential crash ...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: riscv, bpf: Sign extension for struct ops correctly handles return values. The nsbpfqdisc selftest triggers a kernel panic: Unable to handle kernel paging request at virtual address ffffffffa38dbf58. Current testprogs pgtable:...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992760)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992760 advisory. In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free...

kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails

A null pointer dereference exists in the linux kernel, such that when sfbinit fails qdisc is NULL, and it will cause gpf issue, leading to damage to the availability of the system...

kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails

A null pointer dereference exists in the linux kernel, such that when sfbinit fails qdisc is NULL, and it will cause gpf issue, leading to damage to the availability of the system...