INFSA-2025:14420: kernel security update
Information about definition
Identifier: INFSA-2025:14420
Type: security
Release date: 2025-09-11 14:05:37 UTC
Information about package
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Vulnerabilities description
- CVE-2025-37914
A use-after-free vulnerability was found in the Linux kernel’s netem qdisc. This issue occurs when it incorrectly manages duplicated packets in classful parent qdiscs. This leads to a corrupted internal state and eventual dereferencing of freed memory, resulting in unpredictable behavior, system instability, or a crash.
- CVE-2025-22058
An integer overflow in the receive-memory accounting of the Linux kernel's networking subsystem. An application can set the SO_RCVBUF socket option to its maximum value (INT_MAX), allowing more than INT_MAX bytes of skb->truesize to accumulate on a UDP socket's receive queue. On socket closure, udp_destruct_common() purges the receive queue and sums skb->truesize over the queued buffers into a local unsigned integer variable, then passes that total to udp_rmem_release() to adjust memory accounting. Because udp_rmem_release() takes a signed integer argument, a total above INT_MAX wraps to a negative value, so the release path charges pages to the protocol memory pool instead of returning them. The memory stays accounted as in use after the socket is gone (a memory-accounting leak), which can exhaust the UDP memory limit and lead to system instability.
- CVE-2025-38417
A memory leak in the eswitch code of the Intel ice Ethernet driver, triggered in a reset scenario, has been resolved in the Linux kernel (upstream fix: "ice: fix eswitch code memory leak in reset scenario").
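The accounting failure described for CVE-2025-22058, as an added example that is not part of this advisory or of the kernel's own code: a reduced C model of the release path that shows how an unsigned truesize total above INT_MAX, passed through a signed int parameter, makes the page release run backwards. The names sock_model, rmem_release_int and drain_queue_* and the constructed queue contents are assumptions made for illustration; the chunked variant is one possible mitigation, not the upstream fix.

```c
/*
 * Added illustration (not kernel code): a simplified model of UDP
 * receive-memory accounting. The field and function names are borrowed
 * from the kernel for readability; the arithmetic is a reduced model,
 * not the upstream implementation or the upstream fix.
 */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE 4096

struct sock_model {
    int       sk_forward_alloc; /* bytes reserved for this socket, not yet returned */
    long long pool_pages;       /* pages charged to the protocol-wide memory pool */
};

/* Models udp_rmem_release(): the size parameter is a signed int, which is the bug. */
static void rmem_release_int(struct sock_model *sk, int size)
{
    int amount;

    sk->sk_forward_alloc += size;
    /* Round the reservation down to whole pages and hand those back to the pool. */
    amount = sk->sk_forward_alloc & ~(PAGE_SIZE - 1);
    sk->sk_forward_alloc -= amount;
    /* A negative amount *adds* pages to the pool instead of removing them: the leak. */
    sk->pool_pages -= amount / PAGE_SIZE;
}

/* Models udp_destruct_common(): sums skb->truesize into an unsigned int and
 * releases the whole total in one call. Returns pages still charged afterwards. */
static long long drain_queue_buggy(struct sock_model *sk, const unsigned int *truesize, size_t n)
{
    unsigned int total = 0;
    for (size_t i = 0; i < n; i++)
        total += truesize[i];
    /* unsigned -> int: a value above INT_MAX wraps negative on two's-complement targets. */
    rmem_release_int(sk, (int)total);
    return sk->pool_pages;
}

/* Illustrative mitigation (an assumption, not the upstream fix): accumulate in a
 * wide type and release in page-aligned chunks that always fit in an int. */
static long long drain_queue_chunked(struct sock_model *sk, const unsigned int *truesize, size_t n)
{
    unsigned long long total = 0;
    for (size_t i = 0; i < n; i++)
        total += truesize[i];
    while (total > 0) {
        unsigned long long chunk = total > (1u << 30) ? (1u << 30) : total;
        rmem_release_int(sk, (int)chunk);
        total -= chunk;
    }
    return sk->pool_pages;
}

/* Constructed scenario: a socket with SO_RCVBUF = INT_MAX holding two 1 GiB
 * buffers (truesize sum = INT_MAX + 1) plus a 13-page reservation, all of
 * which was charged to the pool when the data was queued. */
static const unsigned int queue[] = { 1u << 30, 1u << 30 };
#define QUEUE_LEN (sizeof(queue) / sizeof(queue[0]))

static struct sock_model make_socket(void)
{
    struct sock_model sk;
    sk.sk_forward_alloc = 13 * PAGE_SIZE;                               /* 53248 bytes */
    sk.pool_pages = ((2LL << 30) + sk.sk_forward_alloc) / PAGE_SIZE;   /* 524301 pages */
    return sk;
}

/* Pages left charged to the pool after closing the socket via the buggy path. */
static long long run_buggy(void)
{
    struct sock_model sk = make_socket();
    return drain_queue_buggy(&sk, queue, QUEUE_LEN);
}

/* Pages left charged after closing via the chunked path; 0 means fully released. */
static long long run_chunked(void)
{
    struct sock_model sk = make_socket();
    return drain_queue_chunked(&sk, queue, QUEUE_LEN);
}

int main(void)
{
    printf("pages charged before close: %lld\n", make_socket().pool_pages);
    printf("pages still charged, signed-int release: %lld\n", run_buggy());
    printf("pages still charged, chunked release:    %lld\n", run_chunked());
    return 0;
}
```

The buggy path receives (int)2147483648u, which is INT_MIN on every mainstream compiler; the page-rounded amount is then negative, so the pool ends up with more pages charged than it had before the socket was closed, and nothing ever returns them. Releasing the same queue in chunks below INT_MAX brings the pool back to zero. The same pattern is worth checking in any accounting code that sums unsigned sizes and hands the result to a signed-int API.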
Severity level
CVE (source) | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2025-22058 | no information | 7.1 | no information |
NIST — CVE-2025-37914 | no information | 7.0 | no information |
NIST — CVE-2025-38417 | no information | 6.4 | no information |
Updated packages