EUVD-2026-38869

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: restrict several matches to inet family This is a partial revert of: commit ab4f21e6fb1c "netfilter: xtables: use NFPROTOUNSPEC in more extensions" to allow ipv4 and ipv6 only. - xtmac - xtowner - xtphysdev...

CVE-2026-52920

A flaw was found in the Linux kernel's netfilter component, which is responsible for network packet filtering. This vulnerability, located in the xtpolicy module, involves an error in how strict inbound network policies are matched. This could allow an attacker to bypass established security rule...

CVE-2026-52920

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

CVE-2026-52920 netfilter: xt_policy: fix strict mode inbound policy matching

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

CVE-2026-52920

The CVE-2026-52920 involves the Linux kernel netfilter xt_policy module, where strict inbound policy matching previously consumed info->pol[] in an incorrect order when multiple transforms were applied. Root cause: match_policy_in() iterates sec_path entries from last to first, violating the f...

EUVD-2026-38723

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

RHEL 9 : kernel (RHSA-2026:25028)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25028 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: openvswitch: Avoid...

Linux Distros Unpatched Vulnerability : CVE-2026-46276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on- chip memory resources. The gfxv120 initialisation code...

SUSE-SU-2026:21894-1 Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes various security issues The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-23243: RDMA/umad: Reject negative datalen in ibumadwrite bsc1259798. - CVE-2026-23274:...

AlmaLinux 8 : kernel-rt (ALSA-2026:21745)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21745 advisory. kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-68183...

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: proc: use the same treatment to check proclseek as ones for procreaditer et.al CVE-2025-38653 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-68183...

CVE-2026-43452

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kind, walkers that advance with i += opi + 1 ? : 1 can read opi + 1 past the end of the option area. Add...

UBUNTU-CVE-2026-43452

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kind, walkers that advance with i += opi + 1 ? : 1 can read opi + 1 past the end of the option area. Add...

CVE-2026-43190 netfilter: xt_tcpmss: check remaining length before reading optlen

In the Linux kernel, the following vulnerability has been resolved: netfilter: xttcpmss: check remaining length before reading optlen Quoting reporter: In net/netfilter/xttcpmss.c lines 53-68, the TCP option parser reads opi+1 directly without validating the remaining option length. If the last...

WordPress XT Quick View for WooCommerce plugin <= 2.1.5 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin XT Quick View for WooCommerce versions = 2.1.5...

netfilter: xt_multiport: validate range encoding in checkentry

...

CVE-2026-31681

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtmultiport: validate range encoding in checkentry portsmatchv1 treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

CVE-2026-31424

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the xtables and arptables components. This vulnerability arises when xtmatch and xttarget extensions, registered for unspecified protocol families, are incorrectly processed by the Address Resolution Protocol ARP...

UBUNTU-CVE-2026-31424

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: restrict xtcheckmatch/xtchecktarget extensions for NFPROTOARP Weiming Shi says: xtmatch and xttarget structs registered with NFPROTOUNSPEC can be loaded by any protocol family through nftcompat. When such a...

CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtCT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy,...