What is GHSA-54qr-3h8v-g6xr?

GHSA-54qr-3h8v-g6xr is a security advisory published by GitHub Security Advisories with High severity. In the Linux kernel, the following vulnerability has been resolved: ovpn: fix possible use-after...

Which CVE IDs does GHSA-54qr-3h8v-g6xr cover?

GHSA-54qr-3h8v-g6xr covers the following CVE IDs: CVE-2026-45929. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-54qr-3h8v-g6xr?

GHSA-54qr-3h8v-g6xr has a CVSS v3 base score of 7.8, published by GitHub Security Advisories.

GHSA-54qr-3h8v-g6xrHighCVSS 7.8

In the Linux kernel, the following vulnerability has been resolved: ovpn: fix possible use-after...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 30, 2026

🔗 CVE IDs covered (1)

CVE-2026-45929 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

ovpn: fix possible use-after-free in ovpn_net_xmit

When building the skb_list in ovpn_net_xmit, skb_share_check will free the original skb if it is shared. The current implementation continues to use the stale skb pointer for subsequent operations:

peer lookup,
skb_dst_drop (even though all segments produced by skb_gso_segment will have a dst attached),
ovpn_peer_stats_increment_tx.

Fix this by moving the peer lookup and skb_dst_drop before segmentation so that the original skb is still valid when used. Return early if all segments fail skb_share_check and the list ends up empty. Also switch ovpn_peer_stats_increment_tx to use skb_list.next; the next patch fixes the stats logic.

🔗 CVE IDs covered (1)

📋 Description

🔗 References (5)