1226 matches found
CVE-2026-53250
Linux kernel vulnerability CVE-2026-53250 in the xsk path (xsk_skb_metadata) allowed a race between reads of csum_start and csum_offset from shared UMEM memory, letting a malicious userspace overwrite values between validation and skb assignment. The fix caches csum_start and csum_offset in local...
CVE-2026-53229
The CVE-2026-53229 entries describe a Linux kernel issue in the mlx5e_xmit_xdp_buff() path of the net/mlx5e driver (XSK/XDP_TX). When sq->xmit_xdp_frame() returns false (e.g., XDPSQ full), the code returns without unmapping the DMA address or freeing the xdp_frame. The DMAAPI debug trace can s...
EUVD-2026-39320
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix DMA and xdpframe leak on XDPTX xmit failure In the XSK branch of mlx5exmitxdpbuff, when sq-xmitxdpframe returns false e.g. XDPSQ is full, the function returns without unmapping the DMA address or freeing the...
EUVD-2026-38875
In the Linux kernel, the following vulnerability has been resolved: ice: fix potential NULL pointer deref in error path of icesetringparam icesetringparam nullifies tstampring of temporary txrings, without clearing ICETXRINGFLAGSTXTIME bit. When ICETXRINGFLAGSTXTIME is set and the subsequent...
EUVD-2026-38840
In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000...
EUVD-2026-38851
In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix BQL imbalance in TX path Fix a possible BQL imbalance in airohadevxmit, where inflight packets are accounted only for the AIROHANUMTXRING netdev TX queues. The queue index is computed as: qid =...
EUVD-2026-38850
In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix use-after-free in rtl8150startxmit syzbot reported a KASAN slab-use-after-free read in rtl8150startxmit when accessing skb-len for tx statistics after usbsubmiturb has been called: BUG: KASAN:...
EUVD-2026-38849
In the Linux kernel, the following vulnerability has been resolved: neigh: let neighxmit take skb ownership neighxmit always releases the skb, except when no neighbour table is found. But even the first added user of neighxmit mpls relied on neighxmit to release the skb or queue it for tx. sashik...
EUVD-2026-38956
In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix off-by-one in bcmgenetputtxcb The writeptr points to the next open txcb. We want to return the txcb that gets rewinded, so we must rewind the pointer first then return the txcb that it points to. That way the...
EUVD-2026-38938
In the Linux kernel, the following vulnerability has been resolved: sctp: disable BH before calling udptunnelxmitskb udptunnelxmitskb / udptunnel6xmitskb are expected to run with BH disabled. After commit 6f1a9140ecda "add xmit recursion limit to tunnel xmit functions", on the path:...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: mana: Fixed error handling for TX CQE messages. For an unknown type of TX CQE error likely due to newer hardware, still free the SKB, update the queue tail, etc. Otherwise, the accounting data will be incorrect...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: ca8210: Stop leaking the skb structure. Upon an error, the ieee802154xmitcomplete helper function is not called. Only ieee802154wakequeue is called manually. As a result, the skb structure is leaked. Lease the sk...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ARP: RCU protection is used in arpxmit. The arpxmit function can be called without RTNL or RCU protection. RCU protection is used to avoid potential Use-After-Allocation UAF vulnerabilities...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In isotpsendmsg, cmpxchg is used to serialize access to so-tx.buf. isotprelease waits for ISOTPIDLE via waiteventinterruptible and then calls kfreeso-tx.buf. If a signal interrupts waiteventinterruptible inside close when tx.stat...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: “ice”: fixed the sizing of vsi-txqmap. The approach of having XDP queues per CPU, regardless of the user’s settings, exposed a hidden bug that could occur when the number of Rx queues differs from the number of Tx queues...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: A use-after-free issue was addressed in emacmactxbufsend. In emacmactxbufsend, it calls emactxfilltpd.., skb,... If an error occurs in emactxfilltpd, the skb will be freed via devkfreeskbskb in the error branch...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: i40e: added validation for the ringlen parameter. The ringlen parameter provided by the virtual function VF is assigned directly to the hardware memory context HMC without any validation. To address this issue, a upper boundar...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl818x: Kill URBs before clearing the txstatusqueue In rtl8187stop, the call to usbkillanchoredurbs is moved before clearing the btxstatusqueue. This change prevents callbacks from using already freed skb because the ancho...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: “aoe”: The potential use-after-free problem has been fixed in multiple locations. Regarding the fix for CVE-2023-6270, f98364e92662 “aoe: The potential use-after-free problem has been fixed in aoecmdcfgpkts” involves replacing...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: wilc1000 – fixed a potential memory leak in wilcmacxmit The wilcmacxmit function returns NETDEVTXOK without freeing the skb buffer; devkfreeskb was added to address this issue. This fix has been tested only during compilati...