Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: In the TCP layer, the secpath process is dropped simultaneously with the current dropping of the dst. Xiumei reported encountering a warning in xfrm6tunnelnetexit while running tests that involve creating a pair of netns, running...

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-1366)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : tcpbpf: Call skmsgfree when tcpbpfsendverdict fails to allocate psock-cork.CVE-2025-39913 md: fix rcu protection in mdwakeupthreadCVE-2025-68374...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21864)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21864 advisory. - In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2025-21864)

In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6tunnelnetexit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove the skbsecpath if the xfrm state is not found. The hardware returns a unique identifier for the decrypted packet’s xfrm state. This state is looked up in an xarray. However, the state might have been freed by th...

EUVD-2025-7601

Malicious code in bioql PyPI...

EUVD-2025-5215

Malicious code in bioql PyPI...

EUVD-2025-27919

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-38590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an...

SUSE CVE-2025-38590

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

CVE-2025-38590

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

DEBIAN-CVE-2025-38590

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

AZL-71030 CVE-2025-38590 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

AZL-66452 CVE-2025-38590 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

UBUNTU-CVE-2025-38590

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

CVE-2025-38590

CVE-2025-38590 is a Linux kernel vulnerability in the Mellanox mlx5e path. The issue occurs when a hardware decrypted packet’s xfrm state is not found in an xarray, leaving the skb secpath (sp) extension intact. Downstream code may dereference an invalid secpath, causing a crash in __xfrm_policy_...

CVE-2025-38590 net/mlx5e: Remove skb secpath if xfrm state is not found

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

CVE-2025-38590 net/mlx5e: Remove skb secpath if xfrm state is not found

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

CVE-2025-38590

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state, this state is looked up in an xarray. However, the state might have been freed by the time of this...

PT-2025-33788

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc7 for upstream min debug 2025 05 27 22 44 Description: A flaw exists in the Linux kernel's net/mlx5e module related to handling XFRM eXact Forwarding Path states during packet decryption. Specifically, ...