CVE-2026-46323

A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...

UBUNTU-CVE-2026-46323

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...

CVE-2026-46323 net: gro: don't merge zcopy skbs

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...

EUVD-2026-35413

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...

CVE-2026-46323

In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFLMANAGEDFRAGREFS flag. When SKBFLMANAGEDFRAGREFS is set, the...

CVE-2026-46323

CVE-2026-46323 affects the Linux kernel’s networking GRO path. The issue occurs in skb_gro_receive() where fragments can be copied between the source and GRO skbs without respecting zerocopy status, notably when SKBFL_MANAGED_FRAG_REFS is set. When this flag is present, pages in shinfo->frags ...

Linux Distros Unpatched Vulnerability : CVE-2026-46323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: gro: don't merge zcopy skbs skbgroreceive can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the function skbgroreceive, which does not check the zero-copy status during the copy of frags,...

PT-2026-47760

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The skb gro receive function fails to check the zerocopy status, specifically the SKBFL MANAGED FRAG REFS flag, when copying fragments between the source and Generic Receive Offload GRO...

Important: kernel-livepatch-6.12.73-95.123

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails CVE-2026-43494 Affected Packages: kernel-livepatch-6.12.73-95.123 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

net/rds: reset op_nents when zerocopy page pin fails

...

net/rds: handle zerocopy send cleanup before the message is queued

...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431-CopyFail---Minified-LPE-PoC ⚠️ Disclaimer For...

CVE-2026-43494

In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy page pin fails When iovitergetpages2 fails in rdsmessagezcopyfromuser, the pinned pages are released with putpage, and rm-data.opmmpznotifier is cleared. But we fail to properly clear...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of zero-copy page fixing in the rdsmessagezcopyfromuser function. This failure does n...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an incorrect inference of the zero-copy status during the cleanup phase before messages are...

Advisory ROSA-SA-2026-3288

software: kernel-6.6 6.6.126 WASP: ROSA-CHROME unaffected versions = kernel-6.6-6.6.6.126-6 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption an...

Advisory ROSA-SA-2026-3287

software: kernel-6.12 6.12.74 WASP: ROSA-CHROME unaffected versions = kernel-6.12-6.12.74-13 affected versions data.opnents field during buffer management. By exploiting the RDS TCP transport SORDSTRANSPORT=2 in conjunction with iouring, a local unprivileged attacker can cause memory corruption a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ublk: Clean up user copy references on the ublk server exit If a ublk server process releases a ublk character device file, any requests dispatched to the ublk server but not yet completed will retain a reference value of...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: ti: icssg-prueth: Fix missing data copying and incorrect recycling in ZC RX dispatch. emacdispatchskbzc allocates a new skb using napiallocskb, but never copies the packet data from the XDP buffer into it. The skb is pass...