7.1

CVE-2026-46322

tun: free page on build_skb failure in tun_xdp_one()

In the Linux kernel, the following vulnerability has been resolved:

tun: free page on build_skb failure in tun_xdp_one()

When build_skb() fails in tun_xdp_one(), the function sets ret to
-ENOMEM and jumps to the out label, which returns without freeing the
page that vhost_net_build_xdp() allocated for the frame. As with the
short-frame rejection path, tun_sendmsg() discards the per-buffer error
and still returns total_len, so vhost_tx_batch() takes the success path
and never frees the page. Each build_skb() failure in a batch leaks one
page-frag chunk.

Free the page before taking the error path, matching the put_page() the
other error exits of tun_xdp_one() already perform.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.20 < 5.10.259
LinuxLinux Kernel Version >= 5.11 < 5.15.210
LinuxLinux Kernel Version >= 5.16 < 6.1.176
LinuxLinux Kernel Version >= 6.2 < 6.6.143
LinuxLinux Kernel Version >= 6.7 < 6.12.93
LinuxLinux Kernel Version >= 6.13 < 6.18.35
LinuxLinux Kernel Version >= 6.19 < 7.0.12
LinuxLinux Kernel Version7.1 Updaterc1
LinuxLinux Kernel Version7.1 Updaterc2
LinuxLinux Kernel Version7.1 Updaterc3
LinuxLinux Kernel Version7.1 Updaterc4
LinuxLinux Kernel Version7.1 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.028
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.1 2.5 4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/d16e38fac09a47bfcf98c1ad65a1bb53f94540f5
Patch
https://git.kernel.org/stable/c/aa308e9dbb9acb17cacdbbce9e4504f69bac8385
Patch
https://git.kernel.org/stable/c/4fefc6156a162a9f50035c12091a5e5130c82c6e
Patch
https://git.kernel.org/stable/c/aa8963fdce667a42fb7f0bdd2909fadcab02f9a8
Patch
https://git.kernel.org/stable/c/2638a9c1521905bb5c5d1e95c8fbc09f79148ed7
Patch
https://git.kernel.org/stable/c/26fe549b5192536b6c1c68a2dfdc8c0dcf9fa4a9
Patch
https://git.kernel.org/stable/c/60d9c0d6cdde5420d6483c921b16fe5465eb5238
Patch
https://git.kernel.org/stable/c/793385c154771603b8671dd8338927221e9d8d78
Patch