122 matches found
CVE-2026-52974
A flaw was found in the Linux kernel's network Transport Layer Security TLS module. Specifically, a memory leak occurs during the setup of receive offload when a particular function fails. This issue can lead to the gradual consumption of system memory. If exploited repeatedly, this could result ...
CVE-2026-53235
Summary of technical details (CVE-2026-53235) : The Linux kernel GRO receive path had a bug in skb_gro_receive_list() where skb_pull(skb, skb_gro_offset(skb)) could run without ensuring the data is linear (missing pskb_may_pull() guard). When packets arrive via napi_gro_frags(), skb_headlen can b...
CVE-2026-52974
Summary of CVE-2026-52974 (Linux kernel net: tls): The leak is a memory leak in the TLS offload RX path where, if tls_set_device_offload_rx() fails in tls_dev_add(), the cleanup path does not free the anchor skb allocated in tls_strp_init(). This occurs in the “failed to start offload” code path ...
kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs
A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...
kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs
A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanreadfifo,echotxevent: The shift timestamp is now set to full 32 bits. In commit 1be37d3b0414 “can: mcan: fix periph RX path: use rx-offload to ensure that packets are sent from the softirq context”, the RX path for...
SUSE CVE-2026-46323
In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...
CVE-2026-46323
A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...
CVE-2026-46323
In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...
UBUNTU-CVE-2026-46323
In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...
EUVD-2026-35413
In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...
CVE-2026-46323
CVE-2026-46323 affects the Linux kernel’s networking GRO path. The issue occurs in skb_gro_receive() where fragments can be copied between the source and GRO skbs without respecting zerocopy status, notably when SKBFL_MANAGED_FRAG_REFS is set. When this flag is present, pages in shinfo->frags ...
PT-2026-47760
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The skb gro receive function fails to check the zerocopy status, specifically the SKBFL MANAGED FRAG REFS flag, when copying fragments between the source and Generic Receive Offload GRO...
CLSA-2026-1778867412 kernel: Fix of CVE-2026-46300
net: skbuff: propagate shared-frag marker through skbgroreceive + skbshift CVE-2026-46300 - Revert "net: gro: propagate SKBFLSHAREDFRAG through skbgroreceive"...
Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014322)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014322 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's...
Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-011338)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011338 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's...
EUVD-2026-12884
In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...
DEBIAN-CVE-2026-23254
In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...
CVE-2026-23254
In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...
CVE-2026-23254
In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...