CVE-2026-53254

The CVE-2026-53254 issue affects the Linux kernel Bluetooth RFCOMM MCC handlers, where skb->data was cast to protocol-specific structs without validating skb->len. A malicious remote device can send truncated MCC frames to trigger out-of-bounds reads. The fix adds proper data validation via...

EUVD-2026-39205

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb-data to protocol-specific structs without validating skb-len first. A malicious remote device can send truncated MCC frames and trigger...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: - In pptp: ensure that the minimum skb length is properly set in pptpxmit. - Commit aabc6596ffb3 “net: ppp: Add bound checking for skb data in pppsynctxmung” fixed pppsynctxmunge. We need a similar fix in pptpxmit; otherwise, ...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Firewire: In the net subsystem, a bug related to use-after-free was fixed in the fwnetfinishincomingpacket function. The netifrx function frees the skb, but we cannot dereference it to save the skb-len...

PT-2026-44309

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The virtbt rx handle function in the Bluetooth virtio bt driver fails to validate that the remaining payload length is sufficient to cover the fixed HCI header for the selected packet ty...

SUSE CVE-2026-43495

In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate portcount against message length in t7xxportenummsghandler t7xxportenummsghandler uses the modem-supplied portcount field as a loop bound over portmsg-data without checking that the message buffer contai...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fixed BQL accounting for multi-BD TX packets. When a TX packet spans multiple buffer descriptors scatter-gather, axienetfreetxchain sums the actual length of each BD from the descriptor status into an...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mac80211: The issue in ieee80211scanrx involves checking the skb length. This code requires hard-coded compile-time constants for determining the header length check. Instead, a dynamic determination based on the frame type shoul...

SUSE CVE-2026-43031

In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packet spans multiple buffer descriptors scatter-gather, axienetfreetxchain sums the per-BD actual length from descriptor status into a caller-provided...

CVE-2026-43031

In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packet spans multiple buffer descriptors scatter-gather, axienetfreetxchain sums the per-BD actual length from descriptor status into a caller-provided...

CVE-2026-43031 net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets

In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packet spans multiple buffer descriptors scatter-gather, axienetfreetxchain sums the per-BD actual length from descriptor status into a caller-provided...

CVE-2026-43031

The CVE concerns the Linux kernel xilinx axienet driver. When a TX packet spans multiple buffer descriptors, the current accounting in axienet_free_tx_chain summing per-BD lengths into an accumulator can lose earlier bytes if the packet completes across different polls, causing BQL to overestimat...

EUVD-2026-26630

In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packet spans multiple buffer descriptors scatter-gather, axienetfreetxchain sums the per-BD actual length from descriptor status into a caller-provided...

CLSA-2026-1772815097 Fix of 72 CVEs

CVE-2025-38699 - scsi: bfa: Double-free fix CVE-2025-38699 CVE-2025-38697 - jfs: upper bound check of tree index in dbAllocAG CVE-2025-38697 CVE-2025-39823 - KVM: x86: use arrayindexnospec with indices that come from guest CVE-2025-39823 CVE-2025-39689 - ftrace: Also allocate and copy hash for...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005496 advisory. In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Free invalid length skb in atmtcpcsend. syzbot reported the splat below. 0 vccsendms...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005503)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005503 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath9khtc: Use skbsetlength for resetting urb before resubmit Syzbot points out that skbtrim...

CLSA-2026-1771241609 kernel: Fix of 13 CVEs

vsock: Do not allow binding to VMADDRPORTANY CVE-2025-38618 - cnic: Fix use-after-free bugs in cnicdeletetask CVE-2025-39945 - scsi: bfa: Double-free fix CVE-2025-38699 - pptp: ensure minimal skb length in pptpxmit CVE-2025-38574 - ipv6: reject malicious packets in ipv6gsosegment CVE-2025-38572 -...

CLSA-2026-1771240859 kernel: Fix of 13 CVEs

vsock: Do not allow binding to VMADDRPORTANY CVE-2025-38618 - cnic: Fix use-after-free bugs in cnicdeletetask CVE-2025-39945 - scsi: bfa: Double-free fix CVE-2025-38699 - pptp: ensure minimal skb length in pptpxmit CVE-2025-38574 - ipv6: reject malicious packets in ipv6gsosegment CVE-2025-38572 -...

CLSA-2026-1771081379 kernel: Fix of 76 CVEs

HID: core: ensure the allocated report buffer can contain the reserved report ID CVE-2025-38495 - fs/proc: fix uaf in procreaddirde CVE-2025-40271 - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer CVE-2025-40269 - Bluetooth: ISO: Fix possible UAF on isoconnfree CVE-2025-40141 -...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault bsc1254785. CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer bsc1255576. CVE-2023-53254:...