kernel: Linux kernel: Use-after-free in BPF sockmap can lead to denial of service and privilege escalation

A flaw was found in the Linux kernel's BPF Berkeley Packet Filter sockmap subsystem. A race condition exists where the sksocket is not properly locked or referenced during the skbsendsock function call, allowing for a use-after-free vulnerability. This can be exploited by a local attacker, leadin...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Rejects redirects of skmsg messages to non-TCP sockets With a SOCKMAP/SOCKHASH map and a skmsg program, users can direct messages sent from one TCP socket s1 to actually exiting from another TCP socket s2...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: BPF: sockmap: Fixed a use-after-free of sk-sksocket in skpsockverdictdataready. syzbot reported a use-after-free of the UNIX socket’s sk-sksocket in skpsockverdictdataready. 0 In unixstreamsendmsg, the peer’s -skdataready is call...

kernel: bpf: fix ktls panic with sockmap

In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap 2172.936997 ------------ cut here ------------ 2172.936999 kernel BUG at lib/ioviter.c:629! ...... 2172.944996 PKRU: 55555554 2172.945155 Call Trace: 2172.945299 2172.945428 ? die+0x36/0x90...

kernel: bpf: fix ktls panic with sockmap

In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap 2172.936997 ------------ cut here ------------ 2172.936999 kernel BUG at lib/ioviter.c:629! ...... 2172.944996 PKRU: 55555554 2172.945155 Call Trace: 2172.945299 2172.945428 ? die+0x36/0x90...

ALSA-2026:18587 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bonding: check xdp prog when set bond mode CVE-2025-22105 kernel: block: fix resource leak in blkregisterqueue error path CVE-2025-37980 kernel: dmaengine: idxd: fix memory leak in error...

ALSA-2026:18134 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: tcpbpf: Fix the skmemuncharge logic in tcpbpfsendmsg CVE-2024-56633 kernel: KVM: x86: Load DR6 with guest value only before entering .vcpurun loop CVE-2025-21839 kernel: block: fix resour...

SUSE CVE-2026-43016

In the Linux kernel, the following vulnerability has been resolved: bpf: sockmap: Fix use-after-free of sk-sksocket in skpsockverdictdataready. syzbot reported use-after-free of AFUNIX socket's sk-sksocket in skpsockverdictdataready. 0 In unixstreamsendmsg, the peer socket's -skdataready is calle...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of the tcpbpfprots when cloning a listener. A listening socket linked to a sockmap has its skprot overridden. It points to one of the struct proto variants in tcpbpfprots. This variant depends on the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: BPF, sockmap: Prevent lock inversion deadlock in mapdeleteelem operation. The syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Since BPF tracing programs can be invoked fr...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed a race condition in sockmapfree. sockmapfree calls releasesocksk without owning a reference to the socket. This could lead to a use-after-free, as syzbot identified this issue 1. Jakub Sitnicki already...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed a memory leak in skpsockqueuemsg. If tcpbpfsendmsg is running during a cleanup operation, we might enqueue data onto the ingress msg queue while trying to free it. sk1 redirected to sk2 -------------------...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed issues where data was not being charged when msg-sg.size contained more data. In tcpbpfsendverdict: If msg-sg.size contains more data after tcpbpfsendmsgredir: c tcpbpfsendverdict tosend = msg-sg.size...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Fixed the warning related to sk-skforwardalloc in skstreamkillqueues. When running testsockmap in selftests, the following warning appears: WARNING: CPU: 2 PID: 197 at net/core/stream.c:205...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fixed the issue where the memory of skmsg was charged twice. If tcpbpfsendmsg is running during a cleanup operation, psock may be freed. c tcpbpfsendmsg tcpbpfsendverdict skmsgreturn tcpbpfsendmsgredir unlikely!psoc...

Linux Distros Unpatched Vulnerability : CVE-2026-43016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: sockmap: Fix use-after-free of sk-sksocket in skpsockverdictdataready. syzbot reported use- after-free of AFUNIX socket's sk-sksocket in...

CVE-2026-43016

A flaw was found in the Linux kernel's BPF Berkeley Packet Filter sockmap component. This vulnerability, a use-after-free, occurs due to improper management of AFUNIX socket objects within the skpsockverdictdataready function. A local attacker could exploit this issue by sending specially crafted...

EUVD-2026-26615

In the Linux kernel, the following vulnerability has been resolved: bpf: sockmap: Fix use-after-free of sk-sksocket in skpsockverdictdataready. syzbot reported use-after-free of AFUNIX socket's sk-sksocket in skpsockverdictdataready. 0 In unixstreamsendmsg, the peer socket's -skdataready is calle...

CVE-2026-43016

In the Linux kernel, the following vulnerability has been resolved: bpf: sockmap: Fix use-after-free of sk-sksocket in skpsockverdictdataready. syzbot reported use-after-free of AFUNIX socket's sk-sksocket in skpsockverdictdataready. 0 In unixstreamsendmsg, the peer socket's -skdataready is calle...

CVE-2026-43016

In the Linux kernel, the following vulnerability has been resolved: bpf: sockmap: Fix use-after-free of sk-sksocket in skpsockverdictdataready. syzbot reported use-after-free of AFUNIX socket's sk-sksocket in skpsockverdictdataready. 0 In unixstreamsendmsg, the peer socket's -skdataready is calle...