Linux Kernel Daily: Critical Networking and Security Fixes

Transcript

Good morning, this is Linux Kernel Daily for May 30th, 2026.

Today's activity centered on critical fixes with 30 commits but no merged pull requests. Linus Torvalds handled multiple merge commits incorporating fixes from various subsystem maintainers.

The most significant activity came from networking fixes. Jakub Kicinski's networking pull included 36 commits addressing serious issues. Key fixes include a WireGuard padding vulnerability where trailer zeros weren't properly copied during header expansion, potentially exposing uninitialized memory. The team also reverted an IPv6 address ordering change that was breaking SSH connections and confusing NetworkManager's address caching logic.

IPsec received substantial attention with Steffen Klassert's security-focused pull. Nine commits addressed buffer overflow vulnerabilities and namespace handling issues. Critical fixes include preventing xfrm_state_mtu underflows that could trigger multi-terabyte out-of-bounds writes, and fixing RCU synchronization during namespace cleanup that was causing system stalls.

Paolo Bonzini's KVM pull addressed 22 commits worth of virtualization fixes. The top priority items were buffer overflow fixes in the page state change protocol for encrypted VMs - vulnerabilities that AI security models have reportedly identified multiple times. Additional ARM64 and x86 fixes addressed memory leaks, TLB flushing issues, and PMU counter preservation problems.

Mark Brown contributed SPI subsystem fixes preventing corruption of maximum frequency settings that could cause hardware instability. The regmap subsystem received a fix for cache-only mode handling of volatile registers.

What's next: The concentration of security fixes suggests heightened scrutiny ahead of the 7.1 release candidate 7. Additional KVM cleanup work is planned for the 7.2 cycle.

That's your Linux Kernel Daily update. Stay secure.