204 matches found
UBUNTU-CVE-2026-53233
In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdevnlbindrxdoit Sashiko flags that genlmsgreply always consumes the skb. The error path calls nlmsgfreersp so we can't jump directly to it. Let's not unbind, just propagate the error to the user. Thi...
CVE-2026-53216
The CVE-2026-53216 issue affects the Linux kernel mvpp2 XDP path. Short pool buffers can be smaller than PAGE_SIZE, yet XDP initially sets every xdp_buff frame size to PAGE_SIZE. The XDP helpers then use frame_sz to validate tail growth, which, with an oversized frame, can allow bpf_xdp_adjust_ta...
CVE-2026-53216
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGESIZE as frame size. XDP helper...
EUVD-2026-39307
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX buffer mvpp2 has short and long BM pools, and short pool buffers can be smaller than PAGESIZE. The XDP path nevertheless initializes every xdpbuff with PAGESIZE as frame size. XDP helper...
EUVD-2026-39274
In the Linux kernel, the following vulnerability has been resolved: mptcp: allow subflow rcv wnd to shrink In MPTCP connection, the window field in the TCP header refers to the MPTCP-level rcvnxt and it's right edge should not move backward. Such constraint is enforced at DSS option generation...
PT-2026-52328
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double-free issue exists in the netdev nl bind rx doit function. This occurs because genlmsg reply always consumes the socket buffer skb, but the error path incorrectly calls nlmsg...
PT-2026-52311
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mvpp2 driver where the XDP path initializes every xdp buff with PAGE SIZE as the frame size, regardless of whether the buffer is from a short or long BM pool...
PT-2026-51976
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the sixpack receive buf function where bytes with TTY error flags are not properly skipped. The function iterates through the flags buffer without advancing the data...
EUVD-2026-36661
nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recvmsgheader function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-controlled byte past the end of the 260-byte receive buffer by sending a crafted MBAP frame whose Length fiel...
CVE-2026-46332
In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352bootloaderrx appends each serdev chunk into the fixed rxbuffer before parsing bootloader packets. The helper can keep leftover bytes between callbacks and may recei...
EUVD-2026-35432
In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352bootloaderrx appends each serdev chunk into the fixed rxbuffer before parsing bootloader packets. The helper can keep leftover bytes between callbacks and may recei...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the greybus gb-beagleplay driver. In this driver, the cc1352bootloaderrx function does not check...
SUSE CVE-2026-45889
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...
EUVD-2026-32355
In the Linux kernel, the following vulnerability has been resolved: mptcp: do not account for OoO in mptcprcvbufgrow MPTCP-level OoOs are physiological when multiple subflows are active concurrently and will not cause retransmissions nor are caused by drops. Accounting for them in mptcprcvbufgrow...
CVE-2026-45889
mptcp: do not account for OoO in mptcprcvbufgrow...
PT-2026-43756
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Multipath TCP MPTCP implementation where accounting for Out-of-Order OoO packets in the mptcp rcvbuf grow function causes the receive buffer to drift toward tcp...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect processing of out-of-order data during the mptcp receive buffer expansion. This can...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: iavf: Fixed the handling of dummy receive descriptors. Fixed a memory leak caused by improper handling of dummy receive descriptors. iavfgetrxbuffer now sets the rxbuffer return value for dummy receive descriptors. Without thi...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: SPI: sun6i – Fixing the race condition between DMA RX transfer completion and RX FIFO drain. Previously, the transfer-completion interrupt would immediately drain the RX FIFO to read any remaining data in the FIFO into the RX...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nfc: s3fwrn5: Allocate the receive skb before consuming bytes. The s3fwrn82uartread function reports the number of accepted bytes to the serdev core. The current code consumes bytes into the recvskb, and may have already delivere...