CVE-2026-53229

The CVE-2026-53229 entries describe a Linux kernel issue in the mlx5e_xmit_xdp_buff() path of the net/mlx5e driver (XSK/XDP_TX). When sq->xmit_xdp_frame() returns false (e.g., XDPSQ full), the code returns without unmapping the DMA address or freeing the xdp_frame. The DMAAPI debug trace can s...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Revert “xsk: Support redirecting to any socket bound to the same umem”. This change is reflected in commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when multiple NAPI instances...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-net: xsk: rx: fix the frame’s length check When calling buftoxdp, the len argument represents the length of the frame data, excluding the length of the virtio header vi-hdrlen. We check that len is not greater than the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fixed invalid buffer access for legacy rq The following crash can occur when using xdpsock in RX mode for legacy rq: the buffer is released in the XDPREDIRECT path, and then again in the driver. This fix sets a fl...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: xsk: Fixed a race condition in socket teardown Fixed a race condition in the xsk socket teardown code that could lead to a NULL pointer dereferencing. The current xskunbindcode in xskunbinddev starts by setting xs-state to...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: xsk: Fixed an use-after-free error during socket cleanup. A use-after-free error can occur if the xskdiag interface is used after the socket has been unbound from the device. This can happen either due to the socket being closed ...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xsk: Fixed the deletion of fragment nodes to prevent buffer leaks. After the commit b692bf9a7543 “xsk: Got rid of xdpbuffxsk::xskblistnode”, the listnode field is reused for both the xskb pool list and the buffer free list. This...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: lapbether: ignore ops-locked netdevs Syzkaller managed to trigger a lock dependency in xsknotify via registernetdevice. As discussed in 0, using registernetdevice in notifiers is problematic, so we skip adding the lapbeth...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xskmapdeleteelem function an unsigned integer map-maxentries is compared with a user-controlled signed integer k. Due to implicit type conversion, a large unsign...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xsk: Check IFFUP earlier in the Tx path. The Xsk Tx operation can be triggered via either sendmsg or poll system calls. Both paths involve a call to the common function xskxmit, which contains two sanity checks. Here’s a...

SUSE CVE-2026-43093

In the Linux kernel, the following vulnerability has been resolved: xsk: tighten UMEM headroom validation to account for tailroom and min frame The current headroom validation in xdpumemreg could leave us with insufficient space dedicated to even receive minimum-sized ethernet frame. Furthermore ...

CVE-2026-43093

A flaw was found in the Linux kernel's xsk AFXDP subsystem due to insufficient validation of the User Memory UMEM headroom. This vulnerability could lead to memory corruption, specifically the skbsharedinfo data structure, if multi-buffer is enabled. Such corruption could result in system...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: xsk: fixed the refcount underflow in the error path. This fix addresses a refcount underflow issue reported by syzbot, which can occur when the system runs out of memory. If xpalloctxdescs fails—and it can only fail due to...

SUSE-SU-2026:21099-1 Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

SUSE-SU-2026:1261-1 Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.22 fixes various security issues The following security issues were fixed: - CVE-2025-40159: xsk: Harden userspace-supplied xdpdesc validation bsc1253404. - CVE-2025-71120: SUNRPC: svcauthgss: avoid NULL deref on zero length gsstoke...

SUSE-SU-2026:1244-1 Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.16 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

SUSE-SU-2026:1239-1 Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.50 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.53 fixes various security issues The following security issues were fixed: CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689...

SUSE-SU-2026:1236-1 Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.53 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

SUSE-SU-2026:21060-1 Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...