Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tundetach Syzbot reported a use-after-free in tundetach. This causes a call trace like the following: ================================================================== BUG: KASAN: use-after-free i...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: llc: A test for maclen should be performed before reading the MAC header. The LLC layer reads the MAC header using ethhdr, without verifying that the skb contains an Ethernet header. Syzbot was able to access the llcrcv functi...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: tun: avoided double-free in tunfreenetdev Avoid double-free in tunfreenetdev by moving the dev-tstats and tun-security allocations to a new ndoinit routine tunnetinit, which will be called by registernetdevice. ndoinit is paired...

CVE-2026-46321

In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tunxdpone tunxdpone returns -EINVAL on a frame shorter than ETHHLEN without freeing the page that vhostnetbuildxdp allocated for it. tunsendmsg discards that -EINVAL and still returns...

nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml

internal/configgen/generator.go:86,108,119 interpolates the operator-supplied ListenHost and TunDevice fields raw into a text/template that produces the agent's config.yml. internal/web/advanced.go:20-35 accepts both with only strings.TrimSpace — no character or shape validation. Exploit An...

PT-2026-47557

internal/configgen/generator.go:86,108,119 interpolates the operator-supplied ListenHost and TunDevice fields raw into a text/template that produces the agent's config.yml. internal/web/advanced.go:20-35 accepts both with only strings.TrimSpace — no character or shape validation. Exploit An...

PT-2026-47619

Name of the Vulnerable Software and Affected Versions nebula-mesh versions prior to 0.3.2 Description Host advanced overrides allow YAML injection into the agent config.yml. The issue occurs because the ListenHost and TunDevice fields are interpolated raw into a text/template within...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006571)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006571 advisory. In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported 0 memory leaks of sk and skb...

DEBIAN-CVE-2025-40271

In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in procreaddirde Pde is erased from subdir rbtree through rberase, but not set the node to EMPTY, which may result in uaf access. We should use RBCLEARNODE set the erased node to EMPTY, then pdesubdirnext will...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990478)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990478 advisory. In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with ethhdr without...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989959)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989959 advisory. In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with ethhdr without...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990173)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990173 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix memory leaks of napigetfrags kmemleak reports after running testprogs: unreference...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988754)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988754 advisory. In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with ethhdr without...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989794)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989794 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tun: unlink NAPI from device on destruction Syzbot found a race between tun file and device...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989516)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989516 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tun: unlink NAPI from device on destruction Syzbot found a race between tun file and device...

Siemens SIMATIC Devices Allocation of Resources Without Limits or Throttling (CVE-2024-27013)

In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhostworker will call tun call backs to receive packets. If too many illegal packets arrives, tundoread will keep dumping packet contents. When console is enabled, ...

EUVD-2022-54561

In the Linux kernel, the following vulnerability has been resolved: net: tun: unlink NAPI from device on destruction Syzbot found a race between tun file and device destruction. NAPIs live in struct tunfile which can get destroyed before the netdev so we have to del them explicitly. The current...

SUSE CVE-2025-39984

In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi-skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skbresetmacheader include/linux/skbuff.h:3150 inline BUG: KASAN: slab-use-after-free in napifragsskb net/core/gro.c:723...

Linux Distros Unpatched Vulnerability : CVE-2023-53685

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tun: Fix memory leak for detached NAPI queue. syzkaller reported 0 memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it...

SUSE CVE-2023-53685

In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported 0 memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct ifreq ifr = int fdtun, fdtmp; char buf4 = ; fdtun ...