CVE-2026-52940

A flaw was found in the Linux kernel's tun driver. An unprivileged user can exploit this vulnerability by setting the virtual network vnet header size to 24 bytes. This action causes the kernel to copy partially initialized stack memory to userspace when reading non-tunnel packets, leading to the...

CVE-2026-46322

A flaw was found in the Linux kernel's tun driver. This vulnerability occurs when the buildskb function fails within tunxdpone, leading to a failure to free an allocated memory page. Each such failure results in a memory leak, where a 'page-frag chunk' is not released. Over time, repeated...

UBUNTU-CVE-2026-46322

In the Linux kernel, the following vulnerability has been resolved: tun: free page on buildskb failure in tunxdpone When buildskb fails in tunxdpone, the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that vhostnetbuildxdp allocated for the frame. ...

CVE-2026-46322 tun: free page on build_skb failure in tun_xdp_one()

In the Linux kernel, the following vulnerability has been resolved: tun: free page on buildskb failure in tunxdpone When buildskb fails in tunxdpone, the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that vhostnetbuildxdp allocated for the frame. ...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix memory leaks in napigetfrags The issue was reported in kmemleak after running testprogs: Unreferenced object: 0xffff8881b1672dc0 size 232 Details: comm “testprogs”, pid 394388, jiffies 4354712116 age 841.975s Hex du...

SUSE CVE-2026-23254

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...

CVE-2026-23254

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...

DEBIAN-CVE-2026-23254

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...

UBUNTU-CVE-2026-23254

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...

CVE-2026-23254

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...

Linux Distros Unpatched Vulnerability : CVE-2026-23254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption i...

Linux Distros Unpatched Vulnerability : CVE-2026-23095

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gue: Fix skb memleak with inner IP protocol 0. syzbot reported skb memleak below. 0 The repro generated a GUE packet with its inner protocol 0. gueudprecv retur...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002011)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002011 advisory. Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAPNETADMIN capability a...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: Net: tun: Update napi-skb after the XDP process. The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skbresetmacheader include/linux/skbuff.h:3150 inline BUG: KASAN: slab-use-after-free in napifragsskb...

PT-2026-26114

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's UDP GRO Generic Receive Offload complete stage. The UDP GRO complete stage incorrectly assumes that the encapsulation flag is zeroed for all packets...

EUVD-2023-60290

In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary framesz check in bpfxdpadjusttail Syzkaller reported the following issue: ======================================= Too BIG xdp-framesz = 131072 WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121...

CVE-2023-54155 net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail()

In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary framesz check in bpfxdpadjusttail Syzkaller reported the following issue: ======================================= Too BIG xdp-framesz = 131072 WARNING: CPU: 0 PID: 5020 at net/core/filter.c:4121...

CVE-2023-53798

CVE-2023-53798 affects the Linux kernel’s ethtool path for setting link modes via the legacy IOCTL interface. The root cause is an uninitialized struct ethtool_link_ksettings in the IOCTL/set_link_ksettings path, causing the lanes field to be read as uninitialized memory, which can influence driv...

CVE-2023-53798

In the Linux kernel, the following vulnerability has been resolved: ethtool: Fix uninitialized number of lanes It is not possible to set the number of lanes when setting link modes using the legacy IOCTL ethtool interface. Since 'struct ethtoollinkksettings' is not initialized in this path, drive...

CVE-2025-39984

In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi-skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skbresetmacheader include/linux/skbuff.h:3150 inline BUG: KASAN: slab-use-after-free in napifragsskb net/core/gro.c:723...