CVE-2026-46123

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against the buffer we posted to the device. The RX skb is allocated in...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: virtio-net: Ensure that the received length does not exceed the allocated size. In xdplinearizepage, when reading the following buffers from the ring, we forget to check the received length against the actual allocated size. This...

CVE-2026-23178

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fix potential buffer overflow in i2chidgetreport i2chidxfer is used to read recvlen + sizeofle16 bytes of data into ihid-rawbuf. The former can come from the userspace in the hidraw driver and is only bounded by...

SUSE CVE-2025-40292

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix received length check in big packets Since commit 4959aebba8c0 "virtio-net: use mtu size as buffer length for big packets", when guest gso is off, the allocated size for big packets is not MAXSKBFRAGS PAGESIZE...

EUVD-2025-201652

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix received length check in big packets Since commit 4959aebba8c0 "virtio-net: use mtu size as buffer length for big packets", when guest gso is off, the allocated size for big packets is not MAXSKBFRAGS PAGESIZE...

CVE-2025-40292 virtio-net: fix received length check in big packets

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix received length check in big packets Since commit 4959aebba8c0 "virtio-net: use mtu size as buffer length for big packets", when guest gso is off, the allocated size for big packets is not MAXSKBFRAGS PAGESIZE...

CVE-2025-40292

CVE-2025-40292 affects the Linux kernel virtio-net receive path. After a change where big-packet buffer size depends on negotiated MTU (instead of MAX_SKB_FRAGS * PAGE_SIZE) and the host can announce a malicious length, a received length check could dereference a NULL page when processing oversiz...

CVE-2025-40292 virtio-net: fix received length check in big packets

In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix received length check in big packets Since commit 4959aebba8c0 "virtio-net: use mtu size as buffer length for big packets", when guest gso is off, the allocated size for big packets is not MAXSKBFRAGS PAGESIZE...

PT-2025-49425

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the virtio-net component of the Linux kernel related to the handling of received packet lengths in large packets. A change introduced by commit 4959aebba8c0 altered how...

EUVD-2025-22628

Malicious code in bioql PyPI...

virtio-net: ensure the received length does not exceed allocated size

...

SUSE CVE-2025-38375

In the Linux kernel, the following vulnerability has been resolved: virtio-net: ensure the received length does not exceed allocated size In xdplinearizepage, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to an...