Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of the VLAN header; validate it once before the flowtable lookup. ===================================================== BUG:...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: Incorrect arithmetic operations when fetching VLAN header bits. If the offset plus the length exceeds the range of the Ethernet + VLAN header, then the length is adjusted to copy the bytes that are within t...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Team: Fix null-ptr-deref when the team device type is changed. The null-ptr-deref bug occurs as follows with a reproducer 1. Bug: Kernel NULL pointer dereferencing. Address: 0000000000000228… … RIP:...

RockyLinux 9 : kernel (RLSA-2026:21556)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21556 advisory. kernel: proc: use the same treatment to check proclseek as ones for procreaditer et.al CVE-2025-38653 kernel: ima: don't clear IMADIGSIG flag when setti...

CentOS 9 : kernel-5.14.0-708.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-708.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: net: sched: actcsum: validate nested VLAN headers tcfcsumact walks...

EUVD-2026-25651

In the Linux kernel, the following vulnerability has been resolved: net: sched: actcsum: validate nested VLAN headers tcfcsumact walks nested VLAN headers directly from skb-data when an skb still carries in-payload VLAN tags. The current code reads vlan-hvlanencapsulatedproto and then pulls...

CVE-2026-31684

The CVE-2026-31684 issue is in the Linux kernel’s net/sched pathology (act_csum) where tcf_csum_act() reads nested VLAN headers directly from skb->data if the payload contains VLAN tags, and may read VLAN_HLEN bytes before guaranteeing the full header is present. The root cause is that the cod...

Linux Distros Unpatched Vulnerability : CVE-2026-31684

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: sched: actcsum: validate nested VLAN headers tcfcsumact walks nested VLAN headers directly from skb-data when an skb still carries in-payload VLAN tags. Th...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990332)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990332 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: incorrect arithmetics when fetching VLAN header bits If the offset + lengt...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989569)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989569 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: incorrect arithmetics when fetching VLAN header bits If the offset + lengt...

EUVD-2023-59687

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-53033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: incorrect arithmetics when fetching VLAN header bits If the offset +...

SUSE CVE-2023-53033

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the boundaries of the vlanethh...

CVE-2023-53033

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the boundaries of the vlanethh...

DEBIAN-CVE-2023-53033

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the boundaries of the vlanethh...

UBUNTU-CVE-2023-53033

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the boundaries of the vlanethh...

CVE-2023-53033 netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the boundaries of the vlanethh...

CVE-2023-53033

The CVE-2023-53033 entry concerns the Linux kernel Netfilter nft_payload code, where arithmetic incorrectly added the VLAN header size when handling VLAN bits (notably for double-tagged packets). The issue is fixed by using subtraction to adjust the length, addressing CVE-2023-0179, with impact d...

CVE-2023-53033 netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the boundaries of the vlanethh...

CVE-2023-53033

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftpayload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the boundaries of the vlanethh...