4 matches found
CVE-2026-52940
In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb, virtionethdrtnlfromskb only initializes the first 10 bytes sizeofstruct...
CVE-2026-52940 tun: zero the whole vnet header in tun_put_user()
In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb, virtionethdrtnlfromskb only initializes the first 10 bytes sizeofstruct...
EUVD-2026-38710
In the Linux kernel, the following vulnerability has been resolved: tun: zero the whole vnet header in tunputuser tunputuser declares an on-stack struct virtionethdrv1hashtunnel without zeroing it. For a non-tunnel skb, virtionethdrtnlfromskb only initializes the first 10 bytes sizeofstruct...
CVE-2026-52940
The CVE-2026-52940 issue affects the Linux kernel tun driver. tun_put_user() allocates an on‑stack virtio_net_hdr_v1_hash_tunnel without zeroing, while virtio_net_hdr_tnl_from_skb() only initializes the first 10 bytes for non‑tunnel SKBs. This allows an unprivileged user to set the vnet header to...