Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: Always release the netdev hooks from the notifier. This resolves the issue where, when a veth device is released, the veth release callback also queues the peer netns device for removal. It’s possible that th...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: veth: Ensure that the eth header is in the linear part of the skb structure. After feeding a decapsulated packet to a veth device using actmirred, skbheadlen might be set to 0. However, vethxmit calls devforwardskb, which expects...

CVE-2026-31692

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlinknscapable check for peer netns rtnlnewlink lacks a CAPNETADMIN capability check on the peer network namespace when creating paired devices veth, vxcan, netkit. This allows an unprivileged user with a...

CVE-2026-23386 gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL

In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gvetxcleanpendingpackets for QPL In DQ-QPL mode, gvetxcleanpendingpackets incorrectly uses the RDA buffer cleanup path. It iterates numbufs times and attempts to unmap entries in the dma array...

CVE-2026-23254

CVE-2026-23254 (Linux kernel): The issue affects UDP GRO in the net/ gro path, where the complete stage incorrectly uses the inner network offset when the encapsulation flag is not reliably zeroed by hardware offloads. The root cause is an assumption that all RX-inserted packets have encapsulatio...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000977)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000977 advisory. The veth aka virtual Ethernet driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a deni...

SUSE CVE-2023-54200

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: always release netdev hooks from notifier This reverts "netfilter: nftables: skip netdev events generated on netns removal". The problem is that when a veth device is released, the veth release callback will...

SUSE CVE-2025-68341

In the Linux kernel, the following vulnerability has been resolved: veth: reduce XDP nodirect return section to fix race As explain in commit fa349e396e48 "veth: Fix race with AFXDP exposing old or uninitialized descriptors" for veth there is a chance after napicompletedone that another CPU can...

CVE-2025-68341

In the Linux kernel, the following vulnerability has been resolved: veth: reduce XDP nodirect return section to fix race As explain in commit fa349e396e48 "veth: Fix race with AFXDP exposing old or uninitialized descriptors" for veth there is a chance after napicompletedone that another CPU can...

EUVD-2013-1250

Malware in sbrugna...

EUVD-2013-1253

Malware in sbrugna...

EUVD-2011-0381

Malware in sbrugna...

EUVD-2013-2006

Malware in sbrugna...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-381554)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-381554 advisory. In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdiscpktleninit with UFO After commit 7c6d2ecbda83 net: be mor...

CVE-2013-1209

The encryption functionality in the Virtual Supervisor Module VSM to Virtual Ethernet Module VEM communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via...

CVE-2013-1213

Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module VEM to a Virtual Supervisor Module VSM, which allows remote attackers to cause a denial of service false VEM unavailability report via a flood of UDP packets, aka Bug ID...

CVE-2024-58071 team: prevent adding a device which is already a team device lower

In the Linux kernel, the following vulnerability has been resolved: team: prevent adding a device which is already a team device lower Prevent adding a device which is already a team device lower, e.g. adding veth0 if vlan1 was already added and veth0 is a lower of vlan1. This is not useful in...

UBUNTU-CVE-2022-49066

In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with actmirred, skbheadlen may be 0. But vethxmit calls devforwardskb, which expects at least ETHHLEN byte of linear data as...

kernel: net: veth: clear GRO when clearing XDP even when down

In the Linux kernel, the following vulnerability has been resolved: net: veth: clear GRO when clearing XDP even when down The Linux kernel CVE team has assigned CVE-2024-26803 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024040404-CVE-2024-26803-9985@gregkh/T...

kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info

CVE-2024-35839 is a flaw in the Linux kernel's Netfilter bridge functionality. It occurs when bridging certain packets, such as those involving destination NAT between virtual Ethernet interfaces. A mismatch between the network device associated with a packet and the neighbor's device can lead to...