kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg()

A flaw was found in the Linux kernel's Controller Area Network CAN ISO-TP isotp module. This vulnerability, known as a use-after-free, occurs when the system attempts to free a memory region while it is still being used. A local attacker could trigger this condition by sending a signal that...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021640)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021640 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in ipmakeskb KMSAN reported uninit-value access in ipmakeskb 1...

Exploit for Write-what-where Condition in Linux Linux_Kernel

Dirty Frag - kernel Linux critical Vulnerability- CVE-2026-432...

SUSE CVE-2026-43016

In the Linux kernel, the following vulnerability has been resolved: bpf: sockmap: Fix use-after-free of sk-sksocket in skpsockverdictdataready. syzbot reported use-after-free of AFUNIX socket's sk-sksocket in skpsockverdictdataready. 0 In unixstreamsendmsg, the peer socket's -skdataready is calle...

CVE-2026-43244

A flaw was found in the Linux kernel's Kernel Connection Multiplexer KCM module. A local user could trigger an issue where, during partial sendmsg operations, an empty network buffer skb is incorrectly left in the fraglist. A subsequent zero-length write operation can then cause a kernel warning,...

EUVD-2026-27807

In the Linux kernel, the following vulnerability has been resolved: kcm: fix zero-frag skb in fraglist on partial sendmsg error Syzkaller reported a warning in kcmwritemsgs when processing a message with a zero-fragment skb in the fraglist. When kcmsendmsg fills MAXSKBFRAGS fragments in the curre...

CVE-2026-43244

CVE-2026-43244 affects the Linux kernel KCM (Kernel Connection Multiplexer). The issue arises during partial sendmsg operations: when kcm_sendmsg fills MAX_SKB_FRAGS, it allocates a new skb in frag_list and may copy data; if the copy fails, the new tail skb can have zero frags, leaving an empty e...

CVE-2026-43244

In the Linux kernel, the following vulnerability has been resolved: kcm: fix zero-frag skb in fraglist on partial sendmsg error Syzkaller reported a warning in kcmwritemsgs when processing a message with a zero-fragment skb in the fraglist. When kcmsendmsg fills MAXSKBFRAGS fragments in the curre...

CVE-2026-43244

In the Linux kernel, the following vulnerability has been resolved: kcm: fix zero-frag skb in fraglist on partial sendmsg error Syzkaller reported a warning in kcmwritemsgs when processing a message with a zero-fragment skb in the fraglist. When kcmsendmsg fills MAXSKBFRAGS fragments in the curre...

PT-2026-37584

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Kernel Connection Multiplexor KCM where a zero-fragment socket buffer skb can remain in the frag list during a partial sendmsg error. When kcm sendmsg fills the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ipv4, ipv6: Fixed the handling of transhdrlen in ip,6appenddata. Including transhdrlen in the packet length is a problem when the packet is partially filled e.g., a sendMSGMORE operation occurred previously when appending to a...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed an issue of signed integer overflow in l2tpip6sendmsg. When len = INTMAX - transhdrlen, the value of ulen = len + transhdrlen will cause an overflow. To address this issue, we can follow the approach used by udpv6 and...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - rxrpc: Fixed the locking mechanism in rxrpc’s sendmsg function. - Three bugs were fixed in the implementation of rxrpc’s sendmsg function: 1 The rxrpcnewclientcall function should release the socket lock when returning an...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed a memory leak in tcpbpfsendmsg when skmsg is full. If tcpbpfsendmsg is running while skmsg is full, and skmsgalloc returns an -ENOMEM error, tcpbpfsendmsg will enter a waitformemory state. If part of the...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: IB/hfi1: Fixed the off-by-one error in sdma.h’s tx-numdescs. Unfortunately, the commit fd8958efe877 introduced another error, causing the descs array to overflow. This leads to further crashes that can be easily reproduced usi...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: kcm: Fixed error handling for SOCKDGRAM in kcmsendmsg. Syzkaller identified a memory leak in kcmsendmsg, and the commit c821a88bd720 "kcm: Fix memory leak in the error path of kcmsendmsg" suppressed this issue by updating...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: llc: Makes llcuisendmsg more robust against changes related to bonding. syzbot was able to exploit llcuisendmsg, allocating a skb without sufficient headroom, and then attempting to append 14 bytes of Ethernet header information...

CVE-2026-43043

A flaw was found in the Linux kernel's af-alg subsystem. When the AFALG interface chains a new afalgtsgl structure, it fails to unmark the end of a Scatter/Gather List SGL. This can lead to a NULL pointer dereference during a subsequent sendmsg operation, causing a kernel panic and resulting in a...

CVE-2026-31774

The CVE-2026-31774 issue affects the Linux kernel io_uring/net path. A 32-bit length value (sqe->len) is stored into sr->len (int), allowing values above INT_MAX (e.g., 0xFFFFFFFF) to overflow and propagate through the bundle recv/send path. This can cause a slab-out-of-bounds read in io_bu...

CVE-2026-31608

CVE-2026-31608 affects the Linux kernel SMB server. The issue is a double-free in smb_direct_free_sendmsg when invoked after smb_direct_flush_send_list(); smb_direct_flush_send_list() already calls smb_direct_free_sendmsg(), so a second call after post_sendmsg() is incorrect. The fix moves the ca...