CVE-2025-40183

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix metadatadst leak bpfredirectneighv4,6 Cilium has a BPF egress gateway feature which forces outgoing K8s Pod traffic to pass through dedicated egress gateways which then SNAT the traffic in order to interact with stable I...

UBUNTU-CVE-2025-40183

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix metadatadst leak bpfredirectneighv4,6 Cilium has a BPF egress gateway feature which forces outgoing K8s Pod traffic to pass through dedicated egress gateways which then SNAT the traffic in order to interact with stable I...

CVE-2025-40183

CVE-2025-40183 reflects a Linux kernel bug in BPF: metadata_dst leak via __bpf_redirect_neigh_v{4,6}. In workloads using Cilium’s BPF egress gateway, vxLAN-decapsulated traffic was routed with bpf_redirect_neigh(), which could leave behind a metadata_dst object attached to the skb and not release...

CVE-2023-24548 On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets

On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place...

CVE-2023-36835

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service DoS. If a specific valid IP packet is received and that packet needs to be routed...

CVE-2023-36835

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service DoS. If a specific valid IP packet is received and that packet needs to be routed...

Design/Logic Flaw

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service DoS. If a specific valid IP packet is received and that packet needs to be routed...

CVE-2023-36835 Junos OS: QFX10000 Series: All traffic will be dropped after a specific valid IP packet has been received which needs to be routed over a VXLAN tunnel

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service DoS. If a specific valid IP packet is received and that packet needs to be routed...

CVE-2023-36835 Junos OS: QFX10000 Series: All traffic will be dropped after a specific valid IP packet has been received which needs to be routed over a VXLAN tunnel

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service DoS. If a specific valid IP packet is received and that packet needs to be routed...

kernel: some ipv6 protocols not encrypted over ipsec tunnel

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...