CVE-2023-54200

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: always release netdev hooks from notifier This reverts "netfilter: nftables: skip netdev events generated on netns removal". The problem is that when a veth device is released, the veth release callback will...

PT-2025-54029

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's netfilter component, specifically within the nf tables subsystem. The issue involves the improper handling of network device netdev hooks during netwo...

CVE-2025-68341

In the Linux kernel, the following vulnerability has been resolved: veth: reduce XDP nodirect return section to fix race As explain in commit fa349e396e48 "veth: Fix race with AFXDP exposing old or uninitialized descriptors" for veth there is a chance after napicompletedone that another CPU can...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an XDP nodirect return partial contention in veth, which could lead to a contention condition...

CVE-2025-68232

In the Linux kernel, the following vulnerability has been resolved: veth: more robust handing of race to avoid txq getting stuck Commit dc82a33297fc "veth: apply qdisc backpressure on full ptrring to reduce TX drops" introduced a race condition that can lead to a permanently stalled TXQ. This was...

EUVD-2022-55138

In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with actmirred, skbheadlen may be 0. But vethxmit calls devforwardskb, which expects at least ETHHLEN byte of linear data as...

CVE-2022-49066

In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with actmirred, skbheadlen may be 0. But vethxmit calls devforwardskb, which expects at least ETHHLEN byte of linear data as...

CVE-2022-49066 veth: Ensure eth header is in skb's linear part

In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with actmirred, skbheadlen may be 0. But vethxmit calls devforwardskb, which expects at least ETHHLEN byte of linear data as...

CVE-2022-49066

The CVE-2022-49066 issue affects the Linux kernel’s veth path. When a decapsulated packet is fed to a veth device with act_mirred, skb_headlen() may be 0, yet veth_xmit() forwards the skb to __dev_forward_skb() which unconditionally requires ETH_HLEN bytes of linear data. The root cause is the mi...

CVE-2022-49066 veth: Ensure eth header is in skb's linear part

In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with actmirred, skbheadlen may be 0. But vethxmit calls devforwardskb, which expects at least ETHHLEN byte of linear data as...

CVE-2022-49066

In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with actmirred, skbheadlen may be 0. But vethxmit calls devforwardskb, which expects at least ETHHLEN byte of linear data as...

kernel: veth: ensure skb entering GRO are not cloned.

In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...

SUSE CVE-2021-47099

In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...

DEBIAN-CVE-2021-47099

In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...

CVE-2021-47099

In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...

UBUNTU-CVE-2021-47099

In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...

kernel: Linux kernel: netfilter use-after-free vulnerability leading to denial of service

A flaw was found in the Linux kernel's netfilter component. When a virtual Ethernet veth device is released, the associated network namespace netns device memory may be prematurely freed. This can lead to a use-after-free vulnerability during the unregistration of netdev hooks. A local attacker...