64 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: Do not free the live element. Pablo reported a crash when processing large batches of elements with a back-to-back add/remove pattern. According to Pablo: addelem"00000000" timeout 100 ms …...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: walking over the current view in netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on this information to determine which...
CVE-2026-43453
A flaw was found in the Linux kernel's netfilter component, specifically within the nftsetpipapo module. The pipapodrop function performs a stack out-of-bounds read. This occurs when an argument is evaluated at the call site before the function body executes, leading to a read beyond the allocate...
UBUNTU-CVE-2026-43453
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...
PT-2026-39114
Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.10 through 6.19 Description A stack out-of-bounds read exists in the nftables pipapo set backend within the pipapo drop function. The issue occurs because the function passes rulemapi + 1.n to pipapo unmap as the to...
CVE-2026-43114
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapoavx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching functions are used. The test first loads a ranomly generated pipapo set with 'ipv4 . port' key, i.e. nft -...
CVE-2026-43114
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapoavx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching functions are used. The test first loads a ranomly generated pipapo set with 'ipv4 . port' key, i.e. nft -...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an error in the mask used by the nftsetpipapoavx2 function when matching expired entries, which may lead...
PT-2026-37424
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter component, specifically within the nft set pipapo avx2 function. When AVX2 matching functions are used, the system may incorrectly return a non-matching...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012987)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012987 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: do not free live element Pablo reports a crash with large batches of...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012966)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012966 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: walk over current view on netlink dump The generation mask can be update...
netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
...
SUSE CVE-2026-23351
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Under a large number of expired elements, commit-time GC can run for a very long time in a non-preemptible...
EUVD-2026-15323
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Under a large number of expired elements, commit-time GC can run for a very long time in a non-preemptible...
CVE-2026-23351
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Under a large number of expired elements, commit-time GC can run for a very long time in a non-preemptible...
CVE-2026-23351 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Under a large number of expired elements, commit-time GC can run for a very long time in a non-preemptible...
CVE-2026-23351
CVE-2026-23351 affects the Linux kernel netfilter nft_set_pipapo data type. The issue is a use-after-free in the pipapo set when many elements are expired and the commit-time garbage collection (GC) can run for a long time in a non-preemptible context, triggering soft lockups and RCU stalls. The ...
CVE-2026-23351
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Under a large number of expired elements, commit-time GC can run for a very long time in a non-preemptible...
CVE-2026-23351
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Under a large number of expired elements, commit-time GC can run for a very long time in a non-preemptible...
Linux Distros Unpatched Vulnerability : CVE-2026-23351
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: split gc into unlink and reclaim phase Yiming Qian reports...