kernel: af_packet: fix vlan_get_tci() vs MSG_PEEK

In the Linux kernel, the following vulnerability has been resolved: afpacket: fix vlangettci vs MSGPEEK Blamed commit forgot MSGPEEK case, allowing a crash 1 as found by syzbot. Rework vlangettci to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988840)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988840 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: at86rf230: Stop leaking skb's Upon error the ieee802154xmitcomplete helper is no...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988822)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988822 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix a memleak when uncloning an skb dst and its metadata When uncloning an skb dst and its...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988701)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988701 advisory. In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: Fix potential memory leak in fdpncisend fdpncisend will call fdpncii2cwrite that will n...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988726)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988726 advisory. In the Linux kernel, the following vulnerability has been resolved: qede: confirm skb is allocated before using qedebuildskb assumes buildskb always works and goes...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988736)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988736 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing,...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: bpf, cpumap: Handle skb as well when cleaning up ptrring. The following warning was reported when running xdpredirectcpu with both skbmode and stressmode enabled: ------------ Cut here ------------ Incorrect XDP memory type...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: Staging: gdm724x: fixed the use of a variable after it is freed in gdmlterx. The netifrxni function frees the skb, so we cannot dereference it to save the skb-len...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fixed a possible memory leak in the mt7915mcuaddsta routine. The allocated skb was freed in the mt7915mcuaddsta routine in case of failures...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hcidevcdappend would free the skb on error so the caller don't have to free it again otherwise it would cause the double free of skb. Reported-by : Dan Carpenter...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: gro: fixed ownership transfer If packets are received using GRO, they may be segmented later on and continue their journey within the stack. In skbSegmentlist, these segments can be reused as they are. This is a problem because...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fixed a potential memory leak in bcmaspxmit. The bcmaspxmit function returns NETDEVTXOK without freeing the skb object in case of mapping failures. Add devkfreeskb to address this issue...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fixed a potential use-after-free in hix5hd2rx. The skb is passed to npapigroreceive, which may free it. After calling this function, dereferencing the skb may trigger a use-after-free...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: net/sched: actct: fix skb leak and crash on ooo frags actct adds skb-users before defragmentation. If frags arrive in order, the reference of the last frag is reset in inetfragreasmprepare, skbmorph. This is not straightforwar...

kernel: net: usb: smsc75xx: Limit packet length to skb->len

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb-len Packet length retrieved from skb data may be larger than the actual socket buffer length up to 9026 bytes. In such case the cloned skb passed up the network stack will leak kerne...

CVE-2025-40053

In the Linux kernel, the following vulnerability has been resolved: net: dlink: handle copythresh allocation failure The driver did not handle failure of netdevallocskbipalign. If the allocation failed, dereferencing skb-protocol could lead to a NULL pointer dereference. This patch tries to...

CVE-2025-40053 net: dlink: handle copy_thresh allocation failure

In the Linux kernel, the following vulnerability has been resolved: net: dlink: handle copythresh allocation failure The driver did not handle failure of netdevallocskbipalign. If the allocation failed, dereferencing skb-protocol could lead to a NULL pointer dereference. This patch tries to...

EUVD-2023-60007

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix a NULL pointer dereference in ath12kmacophwscan In ath12kmacophwscan, the return value of kzalloc is directly used in memcpy, which may lead to a NULL pointer dereference on failure of kzalloc. Fix this bug by...

kernel: net: usb: smsc75xx: Limit packet length to skb->len

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb-len Packet length retrieved from skb data may be larger than the actual socket buffer length up to 9026 bytes. In such case the cloned skb passed up the network stack will leak kerne...

CVE-2025-39984

In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi-skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skbresetmacheader include/linux/skbuff.h:3150 inline BUG: KASAN: slab-use-after-free in napifragsskb net/core/gro.c:723...