EUVD-2026-38715

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfqueue: hold bridge skb-dev while queued brpassframeup rewrites skb-dev from the ingress port to the bridge master before queueing bridge LOCALIN packets. NFQUEUE only holds references on state.in/out and bridge...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: mana: Fixed error handling for TX CQE messages. For an unknown type of TX CQE error likely due to newer hardware, still free the SKB, update the queue tail, etc. Otherwise, the accounting data will be incorrect...

PT-2026-43723

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The ib uverbs post send function uses the wqe size variable from userspace without validation before passing it to kmalloc. If a small value is provided for wqe size, the system may...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a physical SQE boundary-checking error involving a 128-byte operation in iouring, potentially...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/rxe: Returns a CQE error if an invalid lkey is provided. RXE fails to update the WQE status in cases of LOCALwrite failures. This caused the following kernel panic if someone performed an atomic operation with an explicit...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fixed a issue where a “use-after-free” condition could occur during an interrupt. During a destroy CQ operation, an interrupt may cause the processing of a CQE to occur after the resources managed by irdmacqfreersrc...

kernel: io_uring: prevent opcode speculation

In the Linux kernel, the following vulnerability has been resolved: iouring: prevent opcode speculation sqe-opcode is used for different tables, make sure we santitise it against speculations...

UBUNTU-CVE-2023-54030

In the Linux kernel, the following vulnerability has been resolved: iouring/net: don't overflow multishot recv Don't allow overflowing multishot recv CQEs, it might get out of hand, hurt performance, and in the worst case scenario OOM the task...

EUVD-2025-36481

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: always prune wait queue entry in iowaitidwait For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress, but this can race with...

CVE-2025-40047 io_uring/waitid: always prune wait queue entry in io_waitid_wait()

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: always prune wait queue entry in iowaitidwait For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress, but this can race with...

PT-2025-44115

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s io uring/waitid functionality. Specifically, the io waitid wait function did not consistently remove its entry from the wait queue entry list upon a...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-384118)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-384118 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix error path in multi-packet WQE transmit Remove the erroneous unmap in case no DMA...

UBUNTU-CVE-2023-53539

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix incomplete state save in rxerequester If a send packet is dropped by the IP layer in rxerequester the call to rxexmitpacket can fail with err == -EAGAIN. To recover, the state of the wqe is restored to the state...

net: mana: Fix TX CQE error handling

...

SUSE CVE-2025-38158

In the Linux kernel, the following vulnerability has been resolved: hisiaccvfiopci: fix XQE dma address error The dma addresses of EQE and AEQE are wrong after migration and results in guest kernel-mode encryption services failure. Comparing the definition of hardware registers, we found that the...

CVE-2025-38002 io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo()

In the Linux kernel, the following vulnerability has been resolved: iouring/fdinfo: grab ctx-uringlock around iouringshowfdinfo Not everything requires locking in there, which is why the 'haslock' variable exists. But enough does that it's a bit unwieldy to manage. Wrap the whole thing in a...

kernel: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink

In Linux kernel net/mlx5e, for SHAMPO, it is possible to receive CQEs with 0 consumed strides for the same WQE even after the WQE is fully consumed and unlinked. This triggers an additional unlink for the same wqe which corrupts the linked list...

SUSE CVE-2022-49858

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix SQE threshold checking Current way of checking available SQE count which is based on HW updated SQB count could result in driver submitting an SQE even before CQE for the previously transmitted SQE at the same...

DEBIAN-CVE-2025-23154

In the Linux kernel, the following vulnerability has been resolved: iouring/net: fix ioreqpostcqe abuse by send bundle 114.987980 T5313 WARNING: CPU: 6 PID: 5313 at iouring/iouring.c:872 ioreqpostcqe+0x12e/0x4f0 114.991597 T5313 RIP: 0010:ioreqpostcqe+0x12e/0x4f0 115.001880 T5313 Call Trace:...

PT-2025-3661 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns the RDMA/bnxt re component in the Linux kernel, where the maximum number of SGEs Scatter-Gather Elements for a Work Request is not properly handled. Specifically, Ge...