CVE-2026-23074

In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will describe the scenario th...

UBUNTU-CVE-2026-23105

In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...

UBUNTU-CVE-2026-23074

In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will describe the scenario th...

CVE-2026-23105

CVE-2026-23105 (Linux kernel) : A fix in the net/sched/qfq code changes the activation check of a class from relying on the child qdisc’s qlen to using cl_is_active in qfq_rm_from_ag. This patch makes activation determination more consistent and aims to prevent exploits that could manipulate chil...

EUVD-2026-5436

In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...

CVE-2026-23105 net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag

In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...

CVE-2026-23074

CVE-2026-23074 is a Linux kernel vulnerability in net/sched teql where the teql queuing discipline may be used outside its intended root qdisc, allowing a crafted packet sequence to create a use-after-free scenario in the qfq/qos path due to queue length (qlen) handling. The root cause is that te...

kernel: i40e: add validation for ring_len param

A flaw was identified in the Intel “i40e” Ethernet driver in the Linux Kernel where the ringlen parameter supplied by a VF virtual function is passed unchecked to the hardware memory context. If a malicious Virtual function provides a too-large or misaligned ringlen, it may allow the device to...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005185)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005185 advisory. In the Linux kernel, the following vulnerability has been resolved: pfifotailenqueue: Drop new packet when sch-limit == 0 Expected behaviour: In case we reach...

CVE-2026-22983

In the Linux kernel, the following vulnerability has been resolved: net: do not write to msggetinq in callee NULL pointer dereference fix. msggetinq is an input field from caller to callee. Don't set it in the callee, as the caller may not clear it on struct reuse. This is a kernel-internal varia...

PT-2026-6175

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A preventative patch was implemented to enhance code consistency and mitigate potential exploits involving child queue length qlen manipulations within the qfq Queued Fair Queueing...

PT-2026-6144

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue related to the teql queuing discipline. The intended design of teql is for it to be used only as a root queuing discipline. The issue arises when teql ...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993032)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993032 advisory. In the Linux kernel, the following vulnerability has been resolved: netsched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992663)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992663 advisory. In the Linux kernel, the following vulnerability has been resolved: netsched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio...

sch_hfsc: make hfsc_qlen_notify() idempotent

...

CVE-2025-68325 net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop

In the Linux kernel, the following vulnerability has been resolved: net/sched: schcake: Fix incorrect qlen reduction in cakedrop In cakedrop, qdisctreereducebacklog is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cakeenqueue, assumes that the parent qdisc will enqueue t...

CVE-2025-68325 net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop

In the Linux kernel, the following vulnerability has been resolved: net/sched: schcake: Fix incorrect qlen reduction in cakedrop In cakedrop, qdisctreereducebacklog is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cakeenqueue, assumes that the parent qdisc will enqueue t...

CVE-2025-68325

In the Linux kernel, the following vulnerability has been resolved: net/sched: schcake: Fix incorrect qlen reduction in cakedrop In cakedrop, qdisctreereducebacklog is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cakeenqueue, assumes that the parent qdisc will enqueue t...

CVE-2025-68325

In the Linux kernel, the following vulnerability has been resolved: net/sched: schcake: Fix incorrect qlen reduction in cakedrop In cakedrop, qdisctreereducebacklog is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cakeenqueue, assumes that the parent qdisc will enqueue t...

Linux Distros Unpatched Vulnerability : CVE-2025-40252

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: qlogic/qede: fix potential out-of-bounds read in qedetpacont and qedetpaend The loops in 'qedetpacont' and 'qedetpaend', iterate over 'cqe-lenlist' using...