CVE-2026-43089

In the Linux kernel, the following vulnerability has been resolved: xfrmuser: fix info leak in buildmapping struct xfrmusersaid has a one-byte padding hole after the proto field, which ends up never getting set to zero before copying out to userspace. Fix that up by zeroing out the whole structur...

PT-2026-37524

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the rnbd-srv component where the response buffer is not cleared before use. This can lead to the client receiving stray bytes when messages are exchanged between...

PT-2026-37399

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An information leak exists in the build mapping function within the xfrm user component. The xfrm usersa id structure contains a one-byte padding hole following the proto field that is n...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosectypec: zero out stale pointers crostypecgetswitchhandles allocates four pointers when obtaining type-c switch handles. These pointers are all freed if failing to obtain any of them; therefore, pointers in...

CVE-2026-43040

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndiscrauseropt to initialize nduseroptpadX fields to zero to prevent an info-leak When processing Router Advertisements with user options the kernel builds an RTMNEWNDUSEROPT netlink message. The nduseroptms...

CVE-2026-43035

The CVE affects the Linux kernel net: sched: cls_api code path tc_chain_fill_node, where tcm_info in struct tcmsg was not initialized, leaking heap memory to userspace via a 4-byte field. The fix zeros tcm_info alongside other initialized fields. Affected/patched details from connected docs: upst...

CVE-2026-43026 netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: zero expect NAT fields when CTAEXPECTNAT absent ctnetlinkallocexpect allocates expectations from a non-zeroing slab cache via nfctexpectalloc. When CTAEXPECTNAT is not present in the netlink message, savedad...

EUVD-2026-26625

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: zero expect NAT fields when CTAEXPECTNAT absent ctnetlinkallocexpect allocates expectations from a non-zeroing slab cache via nfctexpectalloc. When CTAEXPECTNAT is not present in the netlink message, savedad...

PT-2026-36457

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An information leak exists when processing Router Advertisements with user options. The kernel constructs an 'RTM NEWNDUSEROPT' netlink message using the nduseroptmsg struct, which...

SUSE CVE-2026-31671

In the Linux kernel, the following vulnerability has been resolved: xfrmuser: fix info leak in buildreport struct xfrmuserreport is a u8 proto field followed by a struct xfrmselector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace...

CVE-2026-31671

In the Linux kernel, the following vulnerability has been resolved: xfrmuser: fix info leak in buildreport struct xfrmuserreport is a u8 proto field followed by a struct xfrmselector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace...

CVE-2026-31671

The CVE-2026-31671 issue is in the Linux kernel xfrm_user component. A struct xfrm_user_report includes a __u8 proto field followed by a struct xfrm_selector, creating three padding bytes that were never zeroed before copying to userspace. The vulnerability is a information leak caused by these u...

EUVD-2026-25564

In the Linux kernel, the following vulnerability has been resolved: xfrmuser: fix info leak in buildreport struct xfrmuserreport is a u8 proto field followed by a struct xfrmselector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace...

PT-2026-35023

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An information leak exists in the build report function within xfrm user. The struct xfrm user report contains a u8 proto field followed by a struct xfrm selector, resulting in three byt...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013718)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013718 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix information leak in f2fsmoveinlinedirents When converting an inline directory to a...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011259)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011259 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix leaking uninitialized memory in fast-commit journal When space at the end of fast-commi...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013157)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013157 advisory. In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a block device, the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013025)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013025 advisory. In the Linux kernel, the following vulnerability has been resolved: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak Fix a KMSAN...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011109)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011109 advisory. In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecchardev: fix kernel data leak from ioctl It is possible to peep kernel...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011268)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011268 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the...