CVE-2026-52916

A flaw was found in the Linux kernel's batman-adv module. A remote attacker can exploit this vulnerability by sending specially crafted BATADVUNICASTFRAG packets, which are designed to contain other fragmented packets. This 'fragments in fragments' scenario causes the kernel to recursively proces...

CVE-2026-52916

The CVE-2026-52916 issue affects the Linux kernel’s BATMAN-adv fragment handling. batadv_frag_skb_buffer() is invoked when a BATADV_UNICAST_FRAG packet is received, and after defragmentation, batadv_batman_skb_recv() processes the payload again. A malicious sender could craft a BATADV_UNICAST_FRA...

EUVD-2026-38719

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...

CVE-2026-52916

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadvfragskbbuffer is called by batadvbatmanskbrecv when a BATADVUNICASTFRAG packet is received. Once all fragments are collected and the packet is reassembled,...

Astra Linux - уязвимость в avahi

In Avahi, including versions 0.6.32 and 0.7, avahi-daemon inadvertently responds to IPv6 unicast queries with source addresses that are not on-link. This allows remote attackers to cause a denial of service traffic amplification and may lead to information leakage by extracting potentially...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021635)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021635 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix steering rules cleanup vport's mc, uc and multicast rules are not deleted in teardo...

CVE-2026-43481

In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsgreply genlmsgreply hands the reply skb to netlink, and netlinkunicast consumes it on all return paths, whether the skb is queued successfully or freed on an error path...

CVE-2026-43481

The CVE-2026-43481 issue affects the Linux kernel net-shapers component. The vulnerability arises because, on genlmsg_reply() failure, the reply skb could be freed twice (the code path freed or nlmsg_free(msg) after genlmsg_reply() and in all return paths). The root cause is that netlink_unicast(...

Azure Linux 3.0 Security Update: kernel (CVE-2025-22060)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22060 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory...

CVE-2025-71127

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to be sent to the broadcast address, see IEEE Std 802.11-2020, 11.1.3.1 "The Address 1 field of the Beacon .. frame shall be set to the...

CVE-2025-71127

Mode C: CVE-2025-71127 affects the Linux kernel’s wifi/mac80211 beacon handling: unicast Beacon frames sent to non-broadcast addresses could bypass beacon protection when Protected Frame bit is 1. The public description states that such frames can be dropped by a generic check on A1=unicast, prev...

Linux Distros Unpatched Vulnerability : CVE-2025-71127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to...

kea: Kea crash upon interaction between specific client options and subnet selection

A vulnerability was found in Kea. When an attacker who is an existing client with an assigned IP sends a crafted unicast packet directly to the server's IP and Kea cannot find any subnets that match that client's credentials, the server crashes causing a Denial of Service via assertion/NULL-path...

CLSA-2025-1762363302 frr: Fix of 4 CVEs

CVE-2022-36440: fix heap-buffer-overflow in peekforas4capability when reading BGP OPEN extended optional parameters - CVE-2023-31490: fix insufficient stream data validation in BGP prefix SID attributes processing - CVE-2023-38407: fix out-of-bounds read in BGP labeled unicast parsing -...

CLSA-2025-1762179793 glib2: Fix of CVE-2024-34397

CVE-2024-34397: fix GDBus signal subscriptions from unicast spoofing...

CLSA-2025-1762179202 glib2: Fix of CVE-2024-34397

CVE-2024-34397: fix GDBus signal subscriptions from unicast spoofing...

CVE-2025-55093

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxipv4packetreceive when handling unicast DHCP messages that could cause corruption of 4 bytes of memory...

CVE-2025-55093

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxipv4packetreceive when handling unicast DHCP messages that could cause corruption of 4 bytes of memory...

CVE-2025-55093 Out of bound read and write in _nx_ipv4_packet_receive() when handling unicast DHCP messages

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxipv4packetreceive when handling unicast DHCP messages that could cause corruption of 4 bytes of memory...

CVE-2025-55093 Out of bound read and write in _nx_ipv4_packet_receive() when handling unicast DHCP messages

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxipv4packetreceive when handling unicast DHCP messages that could cause corruption of 4 bytes of memory...