There's no better way to spend a week in July than in Rome at Netdev @netdev01! Get tickets while they're still at early bird rates. I have it on good authority (me) we will have authentic Roman pizza freshly made one night. What more can you ask for?

We made co-located TCP up to 7x faster by adding a copy, not removing one. That sentence should bother you. Every performance engineer is trained to drive copies toward zero. So when we built bpf_sock_splice_pair(), a new BPF kfunc that splices two TCP sockets on the same machine (think service-mesh sidecars, loopback RPC, co-scheduled microservices), our first design did exactly that: a single direct user-to-user copy, the theoretical minimum for an unmodified sockets API. It was elegant. It was also the wrong tradeoff. A single copy forces the sender to write straight into the receiver's buffer, which means both sides have to meet at the same instant. That synchronous rendezvous quietly kills batching. The sender can never run ahead, so throughput is capped by handshake latency instead of memory bandwidth. The fix is a lesson queueing theory has taught for decades: to let a producer outrun a consumer, you need a buffer between them. A buffer costs a second copy, and that second copy is the price of decoupling. Decoupling enables batching, batching amortizes per-message overhead, and owning an in-kernel ring lets the receiver busy-poll, the one thing that finally cracks loopback latency. The result, measured with netperf at a realistic 1 KB request-response: - Loopback TCP_RR: 106k to 713k transactions/sec (6.7x) - Container TCP_RR: 100k to 705k transactions/sec (7.0x) - No application changes. No new address family. Just BPF pairing ordinary TCP sockets. We also benchmarked it against AF_SMC's shared-memory loopback, which independently arrived at the same "buffering enables batching" conclusion. Our two-copy ring still comes out ahead of its three-copy path. The full design story, the dead end we walked into first, and a comparison with AF_SMC: multikernel.io/2026/06/11/bp… The patchset is up as an RFC on the BPF and netdev lists. Reviews and benchmarks welcome. #LinuxKernel #eBPF #Networking #Performance #TCP #SystemsEngineering #OpenSource

The Netdev 0x1A @netdev01 schedule is coming together! Workshops, BoF's, and talk are starting to be announced over the next few days. If you don't have your ticket yet, Early Bird pricing is still available for a couple of days!!

Akhirnya finally nge blend sama tim netdev😪😴

If you weren't sure about attending Netdev @netdev01 this year, now you have no excuse. Come to Rome, have some delicious pizza, and listen to the man, Greg KH!!

Nearly a decade supporting the Linux Networking community. Proud sponsor of @netdev01 again!😃 #Netdev #OpenSource #Linux

The patch addressing several Dirty Frag variants has been merged into netdev tree. Details: seclists.org/oss-sec/2026/q2…

Is this the GRO bypass my colleague @kerneltoast at @CtrlIQ had found the other day (with Claude) and brought to netdev and stable lists, for you (and your AI) to more easily rediscover and claim 100% of credit for ("Found with V12 by the V12 team")? ;-)

Threat Intelligence Alert | In-Depth Technical Analysis: New Fragnesia Variant (fragnesia-5db89c99566fc) — Bypass of CVE-2026-46300 Patch V12 Security has released a fully functional PoC for a new bypass of the previously merged fix (commit f84eca581739) for CVE-2026-46300 (Fragnesia). This marks the latest iteration in the Dirty Frag family of Linux kernel Local Privilege Escalation (LPE) vulnerabilities targeting the XFRM ESP-in-TCP subsystem. 🔍 Root Cause (net/core/skbuff.c — skb_segment()) When constructing GSO segments from an skb that contains a frag_list, the SKBFL_SHARED_FRAG flag is propagated only from the head skb. Members of the frag_list carrying page-cache-backed fragments with the flag set lose this marker during segmentation. Consequence: the resulting segments bypass the skip_cow() check inside esp_input(), enabling AES-GCM decryption in-place directly over page cache pages — the exact same powerful primitive used by previous Dirty Frag and Fragnesia exploits. 🔬 Deterministic Trigger Chain 1. Three network namespaces connected via veth pairs (sender → forwarder → receiver). 2. Sender performs send() splice() (from the same read-only file) on the identical TCP connection. 3. GRO coalescing on the forwarder merges both packets within the same NAPI poll: • send() → head skb (no flag) • splice() → frag_list (with SKBFL_SHARED_FRAG) 4. GSO is disabled on the forwarder’s egress interface, forcing skb_segment(). 5. The flag is lost on the generated segments. 6. Segments arrive at the receiver with ESP-in-TCP active, allowing controlled 1-byte arbitrary writes into the page cache via the AES-GCM keystream. The exploit iterates a small ELF payload, automatically locates and overwrites a SUID-root binary (with automatic backup), and spawns a root shell. The page cache modification is non-persistent on disk and can be cleared with drop_caches. ✅ Full working PoC (including skb_segment_exploit.c, Makefile and detailed README): github.com/v12-security/pocs… 📌 References: • Original Fragnesia (CVE-2026-46300): github.com/v12-security/pocs… • V12 Security: v12.sh ❌ No patch is currently available in mainline or netdev trees for this bypass. Immediate Mitigation (identical to Dirty Frag / Fragnesia): • sudo modprobe -r esp4 esp6 rxrpc • Blacklist the modules esp4, esp6 and rxrpc System administrators and SOC teams should apply this mitigation immediately and monitor for XFRM/ESP module loading. #Linux #KernelLinux #CVE202646300 #Fragnesia #DirtyFrag #LPE #PrivilegeEscalation #XFRM #ESPinTCP #LinuxKernel #CyberSecurity #InfoSec #ThreatIntelligence #Vulnerability #OSINT #LinuxSecurity #KernelSecurity #RedTeam #BlueTeam #SysAdmin #DevOps #VulnMgmt #CyberThreat

Last week in Linux: CVE-2026-43485: nouveau/gsp: drop WARN_ON in ACPI probes 2026-05-13 15:08 UTC CVE-2026-43484: mmc: core: Avoid bitfield RMW for claim/retune flags 2026-05-13 15:08 UTC CVE-2026-43483: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated 2026-05-13 15:08 UTC CVE-2026-43482: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work 2026-05-13 15:08 UTC CVE-2026-43481: net-shapers: don't free reply skb after genlmsg_reply() 2026-05-13 15:08 UTC CVE-2026-43480: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition 2026-05-13 15:08 UTC CVE-2026-43479: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect 2026-05-13 15:08 UTC CVE-2026-43478: ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put 2026-05-13 15:08 UTC CVE-2026-43489: liveupdate: luo_file: remember retrieve() status 2026-05-13 15:08 UTC CVE-2026-43488: usb: xhci: Prevent interrupt storm on host controller error (HCE) 2026-05-13 15:08 UTC CVE-2026-43487: ata: libata-core: Disable LPM on ST1000DM010-2EP102 2026-05-13 15:08 UTC CVE-2026-43486: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults 2026-05-13 15:08 UTC CVE-2026-43476: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() 2026-05-13 15:08 UTC CVE-2026-43477: drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL 2026-05-13 15:08 UTC CVE-2026-43500: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present 2026-05-11 6:26 UTC CVE-2026-43452: netfilter: x_tables: guard option walkers against 1-byte tail reads 2026-05-08 14:23 UTC CVE-2026-43461: spi: amlogic: spifc-a4: Fix DMA mapping error handling 2026-05-08 14:23 UTC CVE-2026-43460: spi: rockchip-sfc: Fix double-free in remove() callback 2026-05-08 14:23 UTC CVE-2026-43459: ASoC: soc-core: flush delayed work before removing DAIs and widgets 2026-05-08 14:23 UTC CVE-2026-43458: serial: caif: hold tty->link reference in ldisc_open and ser_release 2026-05-08 14:23 UTC CVE-2026-43457: mctp: i2c: fix skb memory leak in receive path 2026-05-08 14:23 UTC CVE-2026-43456: bonding: fix type confusion in bond_setup_by_slave() 2026-05-08 14:23 UTC CVE-2026-43455: mctp: route: hold key->lock in mctp_flow_prepare_output() 2026-05-08 14:23 UTC CVE-2026-43475: scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT 2026-05-08 14:23 UTC CVE-2026-43474: fs: init flags_valid before calling vfs_fileattr_get 2026-05-08 14:23 UTC CVE-2026-43473: scsi: mpi3mr: Add NULL checks when resetting request and reply queues 2026-05-08 14:23 UTC CVE-2026-43472: unshare: fix unshare_fs() handling 2026-05-08 14:23 UTC CVE-2026-43454: netfilter: nf_tables: Fix for duplicate device in netdev hooks 2026-05-08 14:23 UTC CVE-2026-43471: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace() 2026-05-08 14:23 UTC CVE-2026-43470: nfs: return EISDIR on nfs3_proc_create if d_alias is a dir 2026-05-08 14:23 UTC CVE-2026-43469: xprtrdma: Decrement re_receiving on the early exit paths 2026-05-08 14:23 UTC CVE-2026-43468: net/mlx5: Fix deadlock between devlink lock and esw->wq 2026-05-08 14:23 UTC CVE-2026-43467: net/mlx5: Fix crash when moving to switchdev mode 2026-05-08 14:23 UTC CVE-2026-43466: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery 2026-05-08 14:23 UTC CVE-2026-43465: net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ 2026-05-08 14:23 UTC CVE-2026-43464: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ 2026-05-08 14:23 UTC CVE-2026-43463: rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer() 2026-05-08 14:23 UTC CVE-2026-43462: net: spacemit: Fix error handling in emac_tx_mem_map() 2026-05-08 14:23 UTC CVE-2026-43453: netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() 2026-05-08 14:23 UTC CVE-2026-43417: sched/mmcid: Handle vfork()/CLONE_VM correctly 2026-05-08 14:22 UTC CVE-2026-43426: usb: renesas_usbhs: fix use-after-free in ISR during device removal 2026-05-08 14:22 UTC CVE-2026-43425: usb: image: mdc800: kill download URB on timeout 2026-05-08 14:22 UTC CVE-2026-43424: usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling 2026-05-08 14:22 UTC CVE-2026-43423: usb: gadget: f_ncm: Fix atomic context locking issue 2026-05-08 14:22 UTC CVE-2026-43422: usb: legacy: ncm: Fix NPE in gncm_bind 2026-05-08 14:22 UTC CVE-2026-43421: usb: gadget: f_ncm: Fix net_device lifecycle with device_move 2026-05-08 14:22 UTC CVE-2026-43451: netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path 2026-05-08 14:23 UTC CVE-2026-43450: netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() 2026-05-08 14:22 UTC CVE-2026-43449: nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set 2026-05-08 14:22 UTC CVE-2026-43448: nvme-pci: Fix race bug in nvme_poll_irqdisable() 2026-05-08 14:22 UTC CVE-2026-43447: iavf: fix PTP use-after-free during reset 2026-05-08 14:22 UTC CVE-2026-43420: ceph: fix i_nlink underrun during async unlink 2026-05-08 14:22 UTC CVE-2026-43446: accel/amdxdna: Fix runtime suspend deadlock when there is pending job 2026-05-08 14:22 UTC CVE-2026-43445: e1000/e1000e: Fix leak in DMA error cleanup 2026-05-08 14:22 UTC CVE-2026-43444: drm/amdkfd: Unreserve bo if queue update failed 2026-05-08 14:22 UTC CVE-2026-43443: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition 2026-05-08 14:22 UTC CVE-2026-43442: io_uring: fix physical SQE bounds check for SQE_MIXED 128-byte ops 2026-05-08 14:22 UTC CVE-2026-43441: net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled 2026-05-08 14:22 UTC CVE-2026-43440: net/mana: Null service_wq on setup error to prevent double destroy 2026-05-08 14:22 UTC CVE-2026-43439: cgroup: fix race between task migration and iteration 2026-05-08 14:22 UTC CVE-2026-43438: sched_ext: Remove redundant css_put() in scx_cgroup_init() 2026-05-08 14:22 UTC CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() 2026-05-08 14:22 UTC CVE-2026-43419: ceph: fix memory leaks in ceph_mdsc_build_path() 2026-05-08 14:22 UTC CVE-2026-43436: ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces 2026-05-08 14:22 UTC CVE-2026-43435: rust_binder: fix oneway spam detection 2026-05-08 14:22 UTC CVE-2026-43434: rust_binder: check ownership before using vma 2026-05-08 14:22 UTC CVE-2026-43433: rust_binder: avoid reading the written value in offsets array 2026-05-08 14:22 UTC CVE-2026-43432: usb: xhci: Fix memory leak in xhci_disable_slot() 2026-05-08 14:22 UTC CVE-2026-43431: xhci: Fix NULL pointer dereference when reading portli debugfs files 2026-05-08 14:22 UTC CVE-2026-43430: usb: yurex: fix race in probe 2026-05-08 14:22 UTC CVE-2026-43429: USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts 2026-05-08 14:22 UTC CVE-2026-43428: USB: core: Limit the length of unkillable synchronous timeouts 2026-05-08 14:22 UTC CVE-2026-43427: usb: class: cdc-wdm: fix reordering issue in read code path 2026-05-08 14:22 UTC CVE-2026-43418: sched/mmcid: Prevent CID stalls due to concurrent forks 2026-05-08 14:22 UTC CVE-2026-43383: net/tcp-md5: Fix MAC comparison to be constant-time 2026-05-08 14:21 UTC CVE-2026-43392: sched_ext: Fix starvation of scx_enable() under fair-class saturation 2026-05-08 14:22 UTC CVE-2026-43391: nsfs: tighten permission checks for handle opening 2026-05-08 14:22 UTC CVE-2026-43390: nstree: tighten permission checks for listing 2026-05-08 14:21 UTC CVE-2026-43389: mm: memfd_luo: always dirty all folios 2026-05-08 14:21 UTC CVE-2026-43388: mm/damon/core: clear walk_control on inactive context in damos_walk() 2026-05-08 14:21 UTC CVE-2026-43387: staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() 2026-05-08 14:21 UTC CVE-2026-43416: powerpc, perf: Check that current->mm is alive before getting user callchain 2026-05-08 14:22 UTC CVE-2026-43415: scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend 2026-05-08 14:22 UTC CVE-2026-43414: scsi: qla2xxx: Completely fix fcport double free 2026-05-08 14:22 UTC CVE-2026-43413: scsi: hisi_sas: Fix NULL pointer exception during user_scan() 2026-05-08 14:22 UTC CVE-2026-43386: staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie 2026-05-08 14:21 UTC CVE-2026-43412: ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start 2026-05-08 14:22 UTC CVE-2026-43411: tipc: fix divide-by-zero in tipc_sk_filter_connect() 2026-05-08 14:22 UTC CVE-2026-43410: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled 2026-05-08 14:22 UTC CVE-2026-43409: kprobes: avoid crash when rmmod/insmod after ftrace killed 2026-05-08 14:22 UTC CVE-2026-43408: ceph: add a bunch of missing ceph_path_info initializers 2026-05-08 14:22 UTC CVE-2026-43407: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() 2026-05-08 14:22 UTC CVE-2026-43406: libceph: prevent potential out-of-bounds reads in process_message_header() 2026-05-08 14:22 UTC CVE-2026-43405: libceph: Use u32 for non-negative values in ceph_monmap_decode() 2026-05-08 14:22 UTC CVE-2026-43404: mm: Fix a hmm_range_fault() livelock / starvation problem 2026-05-08 14:22 UTC CVE-2026-43403: nsfs: tighten permission checks for ns iteration ioctls 2026-05-08 14:22 UTC CVE-2026-43385: net: Fix rcu_tasks stall in threaded busypoll 2026-05-08 14:21 UTC CVE-2026-43402: kthread: consolidate kthread exit paths to prevent use-after-free 2026-05-08 14:22 UTC CVE-2026-43401: cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request() 2026-05-08 14:22 UTC CVE-2026-43400: drm/amdgpu: add upper bound check on user inputs in signal ioctl 2026-05-08 14:22 UTC CVE-2026-43399: drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl 2026-05-08 14:22 UTC CVE-2026-43398: drm/amdgpu: add upper bound check on user inputs in wait ioctl 2026-05-08 14:22 UTC CVE-2026-43397: drm/bridge: samsung-dsim: Fix memory leak in error path 2026-05-08 14:22 UTC CVE-2026-43396: drm/xe/sync: Fix user fence leak on alloc failure 2026-05-08 14:22 UTC CVE-2026-43395: drm/xe/sync: Cleanup partially initialized sync on parse failure 2026-05-08 14:22 UTC CVE-2026-43394: nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit() 2026-05-08 14:22 UTC CVE-2026-43393: btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies() 2026-05-08 14:22 UTC CVE-2026-43384: net/tcp-ao: Fix MAC comparison to be constant-time 2026-05-08 14:21 UTC CVE-2026-43360: btrfs: fix transaction abort on file creation due to name hash collision 2026-05-08 14:21 UTC CVE-2026-43359: btrfs: fix transaction abort on set received ioctl due to item overflow 2026-05-08 14:21 UTC CVE-2026-43358: btrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer() 2026-05-08 14:21 UTC CVE-2026-43357: iio: gyro: mpu3050-core: fix pm_runtime error handling 2026-05-08 14:21 UTC CVE-2026-43356: iio: imu: adis: Fix NULL pointer dereference in adis_init 2026-05-08 14:21 UTC CVE-2026-43355: iio: light: bh1780: fix PM runtime leak on error path 2026-05-08 14:21 UTC CVE-2026-43382: batman-adv: Avoid double-rtnl_lock ELP metric worker 2026-05-08 14:21 UTC CVE-2026-43381: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep 2026-05-08 14:21 UTC CVE-2026-43354: iio: proximity: hx9023s: Protect against division by zero in set_samp_freq 2026-05-08 14:21 UTC CVE-2026-43380: hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read 2026-05-08 14:21 UTC CVE-2026-43379: ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() 2026-05-08 14:21 UTC CVE-2026-43378: smb: server: fix use-after-free in smb2_open() 2026-05-08 14:21 UTC CVE-2026-43377: ksmbd: Don't log keys in SMB3 signing and encryption key generation 2026-05-08 14:21 UTC CVE-2026-43376: ksmbd: fix use-after-free by using call_rcu() for oplock_info 2026-05-08 14:21 UTC CVE-2026-43375: net: mctp: fix device leak on probe failure 2026-05-08 14:21 UTC CVE-2026-43374: net: nexthop: fix percpu use-after-free in remove_nh_grp_entry 2026-05-08 14:21 UTC CVE-2026-43373: net: ncsi: fix skb leak in error paths 2026-05-08 14:21 UTC CVE-2026-43372: net: dsa: microchip: Fix error path in PTP IRQ setup 2026-05-08 14:21 UTC CVE-2026-43371: net: macb: Shuffle the tx ring before enabling tx 2026-05-08 14:21 UTC CVE-2026-43353: i3c: mipi-i3c-hci: Fix race in DMA ring dequeue 2026-05-08 14:21 UTC CVE-2026-43370: drm/amdgpu: Fix use-after-free race in VM acquire 2026-05-08 14:21 UTC CVE-2026-43369: drm/amd: Fix NULL pointer dereference in device cleanup 2026-05-08 14:21 UTC CVE-2026-43368: drm/i915: Fix potential overflow of shmem scatterlist length 2026-05-08 14:21 UTC CVE-2026-43367: drm/amd: Fix a few more NULL pointer dereference in device cleanup 2026-05-08 14:21 UTC CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy on recycle 2026-05-08 14:21 UTC CVE-2026-43365: xfs: fix undersized l_iclog_roundoff values 2026-05-08 14:21 UTC CVE-2026-43364: ublk: fix NULL pointer dereference in ublk_ctrl_set_size() 2026-05-08 14:21 UTC CVE-2026-43363: x86/apic: Disable x2apic on resume if the kernel expects so 2026-05-08 14:21 UTC CVE-2026-43362: smb: client: fix in-place encryption corruption in SMB2_write() 2026-05-08 14:21 UTC CVE-2026-43361: btrfs: fix transaction abort when snapshotting received subvolumes 2026-05-08 14:21 UTC CVE-2026-43351: KVM: arm64: Eagerly init vgic dist/redist on vgic creation 2026-05-08 14:21 UTC CVE-2026-43352: i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue 2026-05-08 14:21 UTC CVE-2026-43350: smb: client: require a full NFS mode SID before reading mode bits 2026-05-08 13:41 UTC CVE-2026-43348: mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER 2026-05-08 13:41 UTC CVE-2026-43349: f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer 2026-05-08 13:41 UTC CVE-2026-43347: arm64: dts: qcom: monaco: Reserve full Gunyah metadata region 2026-05-08 13:39 UTC CVE-2026-43346: ice: ptp: don't WARN when controlling PF is unavailable 2026-05-08 13:39 UTC CVE-2026-43344: perf/x86/intel/uncore: Fix die ID init and look up bugs 2026-05-08 13:39 UTC CVE-2026-43345: net: ipa: fix event ring index not programmed for IPA v5.0 2026-05-08 13:39 UTC CVE-2026-43343: usb: gadget: f_subset: Fix unbalanced refcnt in geth_free 2026-05-08 13:37 UTC CVE-2026-43342: usb: gadget: f_rndis: Protect RNDIS options with mutex 2026-05-08 13:37 UTC CVE-2026-43340: comedi: Reinit dev->spinlock between attachments to low-level drivers 2026-05-08 13:37 UTC CVE-2026-43341: net/ipv6: ioam6: prevent schema length wraparound in trace fill 2026-05-08 13:37 UTC CVE-2026-43321: bpf: Properly mark live registers for indirect jumps 2026-05-08 13:26 UTC CVE-2026-43320: drm/amd/display: Fix dsc eDP issue 2026-05-08 13:26 UTC CVE-2026-43319: spi: spidev: fix lock inversion between spi_lock and buf_lock 2026-05-08 13:26 UTC CVE-2026-43318: drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify 2026-05-08 13:26 UTC CVE-2026-43317: most: core: fix leak on early registration failure 2026-05-08 13:26 UTC CVE-2025-71302: drm/panthor: fix for dma-fence safe access rules 2026-05-08 13:26 UTC CVE-2026-43316: media: solo6x10: Check for out of bounds chip_id 2026-05-08 13:26 UTC CVE-2025-71300: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" 2026-05-08 13:15 UTC CVE-2025-71301: drm/tests: shmem: Hold reservation lock around vmap/vunmap 2026-05-08 13:15 UTC CVE-2026-43314: dm: remove fake timeout to avoid leak request 2026-05-08 13:12 UTC CVE-2026-43315: KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding 2026-05-08 13:12 UTC CVE-2026-43290: media: uvcvideo: Return queued buffers on start_streaming() failure 2026-05-08 13:11 UTC CVE-2026-43289: kexec: derive purgatory entry from symbol 2026-05-08 13:11 UTC CVE-2026-43288: ext4: move ext4_percpu_param_init() before ext4_mb_init() 2026-05-08 13:11 UTC CVE-2026-43287: drm: Account property blob allocations to memcg 2026-05-08 13:11 UTC CVE-2026-43286: mm/hugetlb: restore failed global reservations to subpool 2026-05-08 13:11 UTC CVE-2026-43285: mm/slab: do not access current->mems_allowed_seq if !allow_spin 2026-05-08 13:11 UTC CVE-2026-43313: ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() 2026-05-08 13:12 UTC CVE-2026-43312: media: i2c: ov5647: Initialize subdev before controls 2026-05-08 13:12 UTC CVE-2026-43311: soc/tegra: pmc: Fix unsafe generic_handle_irq() call 2026-05-08 13:12 UTC CVE-2025-71299: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing 2026-05-08 13:11 UTC CVE-2026-43310: media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC 2026-05-08 13:12 UTC CVE-2026-43309: md raid: fix hang when stopping arrays with metadata through dm-raid 2026-05-08 13:12 UTC CVE-2026-43308: btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() 2026-05-08 13:12 UTC CVE-2026-43307: iio: accel: adxl380: Avoid reading more entries than present in FIFO 2026-05-08 13:12 UTC CVE-2026-43306: bpf: crypto: Use the correct destructor kfunc type 2026-05-08 13:12 UTC CVE-2026-43305: drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path 2026-05-08 13:12 UTC CVE-2026-43304: libceph: define and enforce CEPH_MAX_KEY_LEN 2026-05-08 13:12 UTC CVE-2026-43303: mm/page_alloc: clear page->private in free_pages_prepare() 2026-05-08 13:12 UTC CVE-2026-43302: drm/v3d: Set DMA segment size to avoid debug warnings 2026-05-08 13:12 UTC CVE-2026-43301: media: chips-media: wave5: Fix PM runtime usage count underflow 2026-05-08 13:12 UTC CVE-2025-71298: drm/tests: shmem: Hold reservation lock around madvise 2026-05-08 13:11 UTC CVE-2026-43300: drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() 2026-05-08 13:12 UTC CVE-2026-43299: btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure() 2026-05-08 13:12 UTC CVE-2026-43298: drm/amdgpu: Skip vcn poison irq release on VF 2026-05-08 13:12 UTC CVE-2026-43297: media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() 2026-05-08 13:12 UTC CVE-2026-43296: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky 2026-05-08 13:12 UTC CVE-2026-43295: rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() 2026-05-08 13:12 UTC CVE-2026-43294: drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels 2026-05-08 13:11 UTC CVE-2026-43293: media: chips-media: wave5: Fix kthread worker destruction in polling mode 2026-05-08 13:11 UTC CVE-2026-43292: mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node 2026-05-08 13:11 UTC CVE-2026-43291: net: nfc: nci: Fix parameter validation for packet data 2026-05-08 13:11 UTC CVE-2025-71296: drm/tests: shmem: Hold reservation lock around purge 2026-05-08 13:11 UTC CVE-2025-71297: wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() 2026-05-08 13:11 UTC CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags 2026-05-08 7:21 UTC CVE-2025-71285: net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels 2026-05-06 11:32 UTC CVE-2025-71294: drm/amdgpu: fix NULL pointer issue buffer funcs 2026-05-06 11:32 UTC CVE-2025-71293: drm/amdgpu/ras: Move ras data alloc before bad page check 2026-05-06 11:32 UTC CVE-2025-71292: jfs: nlink overflow in jfs_rename 2026-05-06 11:32 UTC

Dirty Frag の embargo が破られたのなんでかな〜と思って調べたら、netdev にマージされた公開修正コミットから逆算して（ distros がパッチを backport し終わる前に）武器化したのか。今回は武器化した本人が謝罪してるけど、サイレントに AI で逆算して悪用されたら...。 openwall.com/lists/oss-secur…

Linux旧式NIC18本の削除案、前日からのnetdev削除波に連なる　3c59xには現役利用の申告 xenospectrum.com/linux-nic-d…

ここ 2, 3 ヶ月感じてたことが今回の netdev stats にドンピシャで書かれてた lore.kernel.org/netdev/20260…

yes i am a systemd-goy yes i use systemd-boot yes i handwrite my systemd-networkd units and notarize my individual .netdev files and i NEVER EVER disable systemd-networkd-wait-online EVERYBODY LOVES SYSTEMD

qemu の -netdev は ipv6=on にすると ipv4 はオフになる - tokuhirom's blog blog.64p.org/entry/2026/02/0…

qemu って -netdev ipv6=on にすると ipv4 止まるのね。。 ipv6=on,ipv4=on にしないと乙

Cloud NetDev Divisionのインターンの成果報告のブログ記事がでました!