Linux Kernel Daily

Linux Kernel Daily: Critical Network and KVM Security Fixes

Linus Torvalds merged major networking fixes addressing buffer overflows in encrypted VMs, IPv6 infinite loops, and IPsec vulnerabilities. Additional patches resolved Clang compiler warnings and WireGuard padding issues.

Duration: 2 minutes 10 seconds

https://podlog.io/listen/linux-kernel-daily-497a9976/episode/linux-kernel-daily-critical-network-and-kvm-security-fixes-584627e5

Transcript

Good morning. This is Linux Kernel Daily for Saturday, May 29th, 2026.

Linus Torvalds merged three significant pull requests addressing critical security and stability issues. The networking fixes from Jakub Kicinski tackle real user-reported regressions from version 7.0, including a reverted IPv6 address ordering change that was causing SSH connection drops when NetworkManager reconfigured interfaces. The pull also includes fixes for infinite loops in IPv6 routing functions and critical buffer overflow patches for IPsec encrypted VMs.

The KVM fixes from Paolo Bonzini address multiple security vulnerabilities, particularly ten commits fixing buffer overflow flaws in the page state change protocol for encrypted VMs. These fixes prevent potential time-of-check to time-of-use attacks that could compromise VM security. Additional ARM64 fixes resolve memory leaks in tracing code and correct PMU counter handling.

Nathan Chancellor's Clang build fix addresses compiler warning compatibility, disabling attribute-alias warnings for Clang versions 23 and newer to match existing GCC behavior.

Among the thirty additional commits, notable fixes include Jason Donenfeld's WireGuard patch correcting packet padding order to prevent uninitialized memory exposure, and IPv6 routing fixes preventing CPU stalls under high network churn. The IPsec subsystem received nine security patches addressing namespace handling, memory management, and underflow protection.

The networking team also resolved Microsoft Azure MANA driver crashes during port attachment failures and fixed Bluetooth race conditions in connection handling and ISO socket management.

What's next: The development team indicates more encrypted VM security cleanups are planned for version 7.2, while these critical fixes prepare the current release candidate for production deployment.

That's your Linux kernel update for today. I'm your host, keeping you informed on the latest kernel development.