CVE-2022-48925

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.srcaddr outside state checks If the state is not idle then resolvepreparesrc should immediately fail and no change to global state should happen. However, it unconditionally overwrites the srcad...

CVE-2022-48925 RDMA/cma: Do not change route.addr.src_addr outside state checks

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.srcaddr outside state checks If the state is not idle then resolvepreparesrc should immediately fail and no change to global state should happen. However, it unconditionally overwrites the srcad...

CVE-2022-48912 netfilter: fix use-after-free in __nf_register_net_hook()

In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in nfregisternethook We must not dereference @newhooks after nfhookmutex has been released, because other threads might have freed our allocated hooks already. BUG: KASAN: use-after-free in...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-36901)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36901 advisory. - In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in...

CVE-2022-48869

CVE-2022-48869 concerns the Linux kernel gadgetfs USB driver. The issue arises from a race between gadgetfs_fill_super() (mount path) and gadgetfs_kill_sb() (unmount path), where the_device could be deallocated while gadgetfs_fill_super() still uses it, resulting in a use-after-free. The provided...

CVE-2024-42266

A flaw was found in the btrfs module in the Linux kernel. Improper locking can occur due to an improper handling of error conditions, causing a kernel panic and resulting in a denial of service...

CVE-2024-43817

In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtionethdrtoskb allowed syzbot to crash kernels again 1. After the skbsegment function the buffer may become non-linear nrfrags != 0, but since the SKBTXSHAREDFRAG flag is not set...

CVE-2024-43817

The CVE CVE-2024-43817 describes a Linux kernel vulnerability in the virtio_net path: two missing checks in virtio_net_hdr_to_skb() can trigger a crash. The issues arise when after skb_segment the buffer remains non-linear (nr_frags != 0) and SKBTX_SHARED_FRAG is not set, preventing __skb_lineari...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-42076)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42076 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data ...

CVE-2024-42082

In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN from xdpregmemmodel syzkaller reports a warning in xdpregmemmodel. The warning occurs only if memidinithashtable returns an error. It returns the error in two cases: 1. memory allocation fails; 2. rhashtableinit...

CVE-2024-42114 wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: restrict NL80211ATTRTXQQUANTUM values syzbot is able to trigger softlockups, setting NL80211ATTRTXQQUANTUM to 2^31. We had a similar issue in schfq, fixed with commit d9e15a273306 "pktsched: fq: do not accept sill...

CVE-2024-42111 btrfs: always do the basic checks for btrfs_qgroup_inherit structure

In the Linux kernel, the following vulnerability has been resolved: btrfs: always do the basic checks for btrfsqgroupinherit structure BUG Syzbot reports the following regression detected by KASAN: BUG: KASAN: slab-out-of-bounds in btrfsqgroupinherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277 Read of si...

CVE-2024-42111 btrfs: always do the basic checks for btrfs_qgroup_inherit structure

In the Linux kernel, the following vulnerability has been resolved: btrfs: always do the basic checks for btrfsqgroupinherit structure BUG Syzbot reports the following regression detected by KASAN: BUG: KASAN: slab-out-of-bounds in btrfsqgroupinherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277 Read of si...

CVE-2024-41097

In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacrubind Syzbot is still reporting quite an old issue 1 that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting...

CVE-2024-42082

CVE-2024-42082 is a Linux kernel vulnerability where a syzkaller-triggered WARN was introduced in __xdp_reg_mem_model() when __mem_id_init_hash_table() failed. The issue arose only from memory allocation failure; a static const rhashtable_params prevented rhashtable_init() misconfiguration. The w...

CVE-2024-42082 xdp: Remove WARN() from __xdp_reg_mem_model()

In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN from xdpregmemmodel syzkaller reports a warning in xdpregmemmodel. The warning occurs only if memidinithashtable returns an error. It returns the error in two cases: 1. memory allocation fails; 2. rhashtableinit...

CVE-2024-40905

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible race in fib6droppcpufrom syzbot found a race in fib6droppcpufrom 1 If compiler reads more than once ppcpurt, second read could read NULL, if another cpu clears the value in rt6getpcpuroute. Add a READONCE to...

CVE-2022-48855 sctp: fix kernel-infoleak for SCTP sockets

In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak 1 of 4 bytes. After analysis, it turned out r-idiagexpires is not initialized if inetsctpdiagfill calls inetdiagmsgcommonfill Make sure to clear...

CVE-2022-48839 net/packet: fix slab-out-of-bounds access in packet_recvmsg()

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packetrecvmsg syzbot found that when an AFPACKET socket is using PACKETCOPYTHRESH and mmap operations, tpacketrcv is queueing skbs with garbage in skb-cb, triggering a too big copy 1...

CVE-2022-48802

In the Linux kernel, the following vulnerability has been resolved: fs/proc: taskmmu.c: don't read mapcount for migration entry The syzbot reported the below BUG: kernel BUG at include/linux/page-flags.h:785! invalid opcode: 0000 1 PREEMPT SMP KASAN CPU: 1 PID: 4392 Comm: syz-executor560 Not...