PT-2025-38458

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of transport header magic values within the skb partial csum set function. Specifically, the code does not prevent callers from...

UBUNTU-CVE-2023-53315

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fix SKB corruption in REO destination ring While running traffics for a long time, randomly an RX descriptor filled with value "0" from REO destination ring is received. This descriptor which is invalid causes the...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpifetchacpidev return value CVE-2022-50327 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps CVE-2024-49861 In the Linux...

CVE-2022-50321

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix potential memory leak in brcmfnetdevstartxmit The brcmfnetdevstartxmit returns NETDEVTXOK without freeing skb in case of pskbexpandhead fails, add devkfreeskb to fix it. Compile tested only...

DEBIAN-CVE-2022-50321

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix potential memory leak in brcmfnetdevstartxmit The brcmfnetdevstartxmit returns NETDEVTXOK without freeing skb in case of pskbexpandhead fails, add devkfreeskb to fix it. Compile tested only...

DEBIAN-CVE-2022-50248

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double free on tx path. We see kernel crashes and lockups and KASAN errors related to ax210 firmware crashes. One of the KASAN dumps pointed at the tx path, and it appears there is indeed a way to...

CVE-2023-53186 skbuff: Fix a race between coalescing and releasing SKBs

In the Linux kernel, the following vulnerability has been resolved: skbuff: Fix a race between coalescing and releasing SKBs Commit 1effe8ca4e34 "skbuff: fix coalescing for pagepool fragment recycling" allowed coalescing to proceed with non page pool page and page pool page when @from is cloned,...

CVE-2022-50248

CVE-2022-50248 is a Linux kernel vulnerability affecting the iwlwifi/iwl mvm TX path where a double-free of skb can occur. The issue arises when iwl_mvm_tx_skb_sta returns non-zero and the skb is freed, but a TSO skb buffer may also be freed in an error path; the fix is to return 0 in that error ...

kernel: net: usb: smsc75xx: Limit packet length to skb->len

In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb-len Packet length retrieved from skb data may be larger than the actual socket buffer length up to 9026 bytes. In such case the cloned skb passed up the network stack will leak kerne...

PT-2025-37641

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a memory leak in the ath9k hif usb rx stream function within the ath9k USB Host Interface HIF driver. Syzkaller detected that when processing skbs socket...

PT-2025-37502

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a vulnerability in the iwlwifi MVM subsystem that can lead to a double free on the transmit path. This issue can cause kernel crashes, lockups, and KASAN...

net, hsr: reject HSR frame if skb can't hold tag

...

DEBIAN-CVE-2025-39703

In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...

UBUNTU-CVE-2025-39703

In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...

CVE-2025-39703 net, hsr: reject HSR frame if skb can't hold tag

In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the net/hsr module not rejecting HSR frames when the skb cannot hold the tag...

tcp: Correct signedness in skb remaining space calculation

...

ipvlan: ensure network headers are in skb linear part

...

PT-2025-40071

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's networking subsystem, specifically within the Xilinx Axienet driver. Insufficient error handling during retrieval of RX metadata pointers can lead to...

kernel: can: peak_usb: fix use after free bugs

In the Linux kernel, the following vulnerability has been resolved: can: peakusb: fix use after free bugs After calling peakusbnetifrxniskb, dereferencing skb is unsafe. Especially, the canframe cf which aliases skb memory is accessed after the peakusbnetifrxni. Reordering the lines solves the...