USN-8389-1: Linux kernel vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

CVE-2026-46010

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix error handling in rxgkextracttoken Fix a missing bit of error handling in rxgkextracttoken: in the event that rxgkdecryptskb returns -ENOMEM, it should just return that rather than continuing on for anything else, it...

CVE-2026-45988 rxrpc: Fix re-decryption of RESPONSE packets

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in a partially decrypted state - and then get requeued for a retry. Fix this by just discarding the packe...

CVE-2026-45988

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in a partially decrypted state - and then get requeued for a retry. Fix this by just discarding the packe...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the processing of rxrpc connection-level data packets does not involve copying the RESPON...

CVE-2026-43500

A flaw was found in the Linux kernel's RxRPC networking subsystem. When a socket buffer carrying a page-cache reference reaches the RxRPC authentication verification path, the kernel performs an in-place decryption directly on the referenced page without first isolating the buffer. A low-privileg...

SUSE CVE-2026-31676

In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge Only process RESPONSE packets while the service connection is still in RXRPCCONNSERVICECHALLENGING. Check that state under statelock before running response verification and...

CVE-2026-31676

In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge Only process RESPONSE packets while the service connection is still in RXRPCCONNSERVICECHALLENGING. Check that state under statelock before running response verification and...

SUSE CVE-2026-31637

In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkaddecryptticket decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether cryptoskcipherdecrypt succeeded. A malformed RESPONSE can...

CVE-2026-31631

A flaw was found in the Linux kernel, specifically within its rxrpc communication protocol. This vulnerability is a buffer overread, meaning the system attempts to read data beyond the allocated memory buffer in the rxgkdoverifyauthenticator function. This could potentially allow an attacker to...

CVE-2026-31640

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial In rxrpcpostresponse, the code should be comparing the challenge serial number from the cached response before deciding to switch to a newer response, but...

CVE-2026-31642

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call removal to use RCU safe deletion Fix rxrpc call removal from the rxnet-calls list to use listdelrcu rather than listdelinit to prevent stuffing up reading /proc/net/rxrpc/calls from potentially getting into an...

EUVD-2026-25530

In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkaddecryptticket decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether cryptoskcipherdecrypt succeeded. A malformed RESPONSE can...

CVE-2026-31636

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgkverifyauthenticator copies authlen bytes into a temporary buffer and then passes p + authlen as the parser limit to rxgkdoverifyauthenticator. Since p is a be32 , that inflate...

EUVD-2026-25529

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgkverifyauthenticator copies authlen bytes into a temporary buffer and then passes p + authlen as the parser limit to rxgkdoverifyauthenticator. Since p is a be32 , that inflate...

CVE-2026-23118

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix data-race warning and potential load/store tearing Fix the following: BUG: KCSAN: data-race in rxrpcpeerkeepaliveworker / rxrpcsenddatapacket which is reporting an issue with the reads and writes to -lasttxat in:...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414305)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414305 advisory. A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking...

EUVD-2023-33536

Malicious code in bioql PyPI...

DEBIAN-CVE-2023-53218

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...

SUSE-SU-2025:02333-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL bsc1228557. - CVE-2024-49568: net/smc: check v2extoffset/eidcnt/ismgidcnt when...