26 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fixed the issue where XDP programs generate skb values based on non-linear xdpbuff structures during the striding phase of the XDP process. XDP programs can modify the layout of an xdpbuff using bpfxdpadjusttail and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: virtionet: a memory leak inside XPDTX has been fixed using mergeable. When we call xdpconvertbufftoframe to obtain xdpf, if it returns NULL, we should check whether xdppage was allocated by xdplinearizepage. If it was newly...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: ti: icssg-prueth: Fixed the issue of missing data copying and incorrect recycling in ZC RX dispatch. The emacdispatchskbzc function allocates a new skb using napiallocskb. However, it never copies the packet data from the...
CVE-2026-43465 net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ XDP multi-buf programs can modify the layout of the XDP buffer when the program calls bpfxdppulldata or bpfxdpadjusttail. The referenced commit in the fixes tag...
CVE-2026-43039
In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch emacdispatchskbzc allocates a new skb via napiallocskb but never copies the packet data from the XDP buffer into it. The skb is passed up the stack...
CVE-2026-43039 net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch
In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch emacdispatchskbzc allocates a new skb via napiallocskb but never copies the packet data from the XDP buffer into it. The skb is passed up the stack...
EUVD-2026-26638
In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch emacdispatchskbzc allocates a new skb via napiallocskb but never copies the packet data from the XDP buffer into it. The skb is passed up the stack...
PT-2026-36456
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the emac dispatch skb zc function where a new skb is allocated via napi alloc skb but packet data from the XDP buffer is not copied into it. This results in the skb...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the emacdispatchskbzc function in the icssg-prueth driver failing to copy XDP buffer data to a new skb,...
CVE-2025-71095
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix the crash issue for zero copy XDPTX action There is a crash issue when running zero copy XDPTX action, the crash log is shown below. 216.122464 Unable to handle kernel paging request at virtual address...
PT-2025-54052
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.5.0-rc1+ 31 Description The Linux kernel contains an issue in the net/mlx5e module related to xsk XDP socket handling of buffers for legacy request queues rq. A crash can occur when using xdpsock in receive rx...
SUSE CVE-2025-40350
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix generating skb from non-linear xdpbuff for striding RQ XDP programs can change the layout of an xdpbuff through bpfxdpadjusttail and bpfxdpadjusthead. Therefore, the driver cannot assume the size of the linear...
EUVD-2025-203637
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix generating skb from non-linear xdpbuff for striding RQ XDP programs can change the layout of an xdpbuff through bpfxdpadjusttail and bpfxdpadjusthead. Therefore, the driver cannot assume the size of the linear...
UBUNTU-CVE-2025-40350
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix generating skb from non-linear xdpbuff for striding RQ XDP programs can change the layout of an xdpbuff through bpfxdpadjusttail and bpfxdpadjusthead. Therefore, the driver cannot assume the size of the linear...
CVE-2025-40350
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix generating skb from non-linear xdpbuff for striding RQ XDP programs can change the layout of an xdpbuff through bpfxdpadjusttail and bpfxdpadjusthead. Therefore, the driver cannot assume the size of the linear...
CVE-2025-40350
CVE-2025-40350: Linux kernel mlx5e RX path vulnerable when handling multi-buffer XDP; XDP changes to xdp_buff layout (bpf_xdp_adjust_head/tail) can break skb construction. The fix records the original fragment count and rewinds the end fragment if it changes after XDP, rebuilds the skb with a lin...
CVE-2025-40123
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel's BPF subsystem. This...
EUVD-2025-124960
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expectedattachtype for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpfprogtestrunxdp function within the Linux kernel's BPF subsystem. This...
PT-2025-51566
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue in the net/mlx5e component related to handling XDP programs and skb socket buffer generation. XDP programs can modify the layout of an xdp buff using t...
kernel: eth: bnxt: fix truesize for mb-xdp-pass case
In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix truesize for mb-xdp-pass case When mb-xdp is set and return is XDPPASS, packet is converted from xdpbuff to skbuff with xdpupdateskbsharedinfo in bnxtxdpbuildskb. bnxtxdpbuildskb passes incorrect truesize argument ...