CVE-2025-71112

In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlandelfailbmap is BITSTOLONGSVLANNVID. It may cause...

CVE-2025-71112

In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlandelfailbmap is BITSTOLONGSVLANNVID. It may cause...

CVE-2025-71112 net: hns3: add VLAN id validation before using

In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlandelfailbmap is BITSTOLONGSVLANNVID. It may cause...

CVE-2025-71112

In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlandelfailbmap is BITSTOLONGSVLANNVID. It may cause...

kernel: i40e: add validation for ring_len param

A flaw was identified in the Intel “i40e” Ethernet driver in the Linux Kernel where the ringlen parameter supplied by a VF virtual function is passed unchecked to the hardware memory context. If a malicious Virtual function provides a too-large or misaligned ringlen, it may allow the device to...

SUSE CVE-2025-71064

In the Linux kernel, the following vulnerability has been resolved: net: hns3: using the numtqps in the vf driver to apply for resources Currently, hdev-htqp is allocated using hdev-numtqps, and kinfo-tqp is allocated using kinfo-numtqps. However, kinfo-numtqps is set to minnewtqps, hdev-numtqps;...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001670)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001670 advisory. In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced ...

PT-2026-2585

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s networking subsystem related to the hns3 driver. The issue stems from inconsistent allocation sizes for hdev-htqp and kinfo-tqp when applying for...

hv_netvsc: Fix panic during namespace deletion with VF

...

kernel: i40e: add validation for ring_len param

A flaw was identified in the Intel “i40e” Ethernet driver in the Linux Kernel where the ringlen parameter supplied by a VF virtual function is passed unchecked to the hardware memory context. If a malicious Virtual function provides a too-large or misaligned ringlen, it may allow the device to...

PT-2026-26116

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel related to the liquidio component. Specifically, a flaw was identified in the setup nic devices function where an off-by-one error in the cleanup loop...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993025)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993025 advisory. In the Linux kernel, the following vulnerability has been resolved: qed/qedsriov: guard against NULL derefs from qediovgetvfinfo We have to make sure that the info...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992254)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992254 advisory. In the Linux kernel, the following vulnerability has been resolved: qed/qedsriov: guard against NULL derefs from qediovgetvfinfo We have to make sure that the info...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992664)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992664 advisory. In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Allocate vfinfo size for VF GUIDs when supported Commit 30aad41721e0 net/core: Add...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992697)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992697 advisory. In the Linux kernel, the following vulnerability has been resolved: qed/qedsriov: guard against NULL derefs from qediovgetvfinfo We have to make sure that the info...

CVE-2025-68213 idpf: fix possible vport_config NULL pointer deref in remove

In the Linux kernel, the following vulnerability has been resolved: idpf: fix possible vportconfig NULL pointer deref in remove Attempting to remove the driver will cause a crash in cases where the vport failed to initialize. Following trace is from an instance where the driver failed during an...

UBUNTU-CVE-2023-53850

In the Linux kernel, the following vulnerability has been resolved: iavf: use internal state to free traffic IRQs If the system tries to close the netdev while iavfresettask is running, LINKSTATESTART will be cleared and netifrunning will return false in iavfreinitinterruptscheme. This will resul...

CVE-2022-50636

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pcideviceispresent for VFs by checking PF pcideviceispresent previously didn't work for VFs because it reads the Vendor and Device ID, which are 0xffff for VFs, which looks like they aren't present. Check the PF instead...

DEBIAN-CVE-2022-50636

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pcideviceispresent for VFs by checking PF pcideviceispresent previously didn't work for VFs because it reads the Vendor and Device ID, which are 0xffff for VFs, which looks like they aren't present. Check the PF instead...

CVE-2022-50636

The CVE-2022-50636 entry concerns the Linux kernel PCI subsystem and VF handling. The vulnerability stemmed from pci_device_is_present() returning false for virtual functions (VFs) because it relied on Vendor/Device IDs (0xffff for VFs), causing virtio I/O issues during VF removal/unbinding or wh...