354 matches found
CVE-2024-36902 ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6rules: avoid possible NULL dereference in fib6ruleaction syzbot is able to trigger the following crash 1, caused by unsafe ip6dstidev use. Indeed ip6dstidev can return NULL, and must always be checked. 1 Oops: general...
CVE-2024-36901 ipv6: prevent NULL dereference in ip6_output()
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6output According to syzbot, there is a chance that ip6dstidev returns NULL in ip6output. Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported: general...
CVE-2021-47512 net/sched: fq_pie: prevent dismantle issue
In the Linux kernel, the following vulnerability has been resolved: net/sched: fqpie: prevent dismantle issue For some reason, fqpiedestroy did not copy working code from piedestroy and other qdiscs, thus causing elusive bug. Before calling deltimersync&q-adapttimer, we need to ensure timer will...
CVE-2021-47512 net/sched: fq_pie: prevent dismantle issue
In the Linux kernel, the following vulnerability has been resolved: net/sched: fqpie: prevent dismantle issue For some reason, fqpiedestroy did not copy working code from piedestroy and other qdiscs, thus causing elusive bug. Before calling deltimersync&q-adapttimer, we need to ensure timer will...
CVE-2021-47370
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info-sizegoal - skb-len 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of tx cache...
CVE-2021-47462
In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: do not allow illegal MPOLFNUMABALANCING | MPOLLOCAL in mbind syzbot reported access to unitialized memory in mbind 1 Issue came with commit bda420b98505 "numa balancing: migrate on fault among multiple bound nodes"...
CVE-2021-47462
CVE-2021-47462 affects the Linux kernel mempolicy/memory policy handling. The root cause was an invalid combination check for MPOL_MODE_FLAGS: MPOL_F_NUMA_BALANCING may only pair with MPOL_BIND, but the check existed only in do_set_mempolicy(). The patch moves this validation into sanitize_mpol_f...
CVE-2021-47462 mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING | MPOL_LOCAL in mbind()
In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: do not allow illegal MPOLFNUMABALANCING | MPOLLOCAL in mbind syzbot reported access to unitialized memory in mbind 1 Issue came with commit bda420b98505 "numa balancing: migrate on fault among multiple bound nodes"...
CVE-2023-52796
In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...
CVE-2023-52701
In the Linux kernel, the following vulnerability has been resolved: net: use a bounce buffer for copying skb-mark syzbot found arm64 builds would crash in sockrecvmark when CONFIGHARDENEDUSERCOPY=y x86 and powerpc are not detecting the issue because they define useraccessbegin. This will be handl...
CVE-2023-52796 ipvlan: add ipvlan_route_v6_outbound() helper
In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...
CVE-2023-52796 ipvlan: add ipvlan_route_v6_outbound() helper
In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...
CVE-2023-52796
In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...
CVE-2023-52796 ipvlan: add ipvlan_route_v6_outbound() helper
In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...
CVE-2023-52772 af_unix: fix use-after-free in unix_stream_read_actor()
In the Linux kernel, the following vulnerability has been resolved: afunix: fix use-after-free in unixstreamreadactor syzbot reported the following crash 1 After releasing unix socket lock, u-oobskb can be changed by another thread. We must temporarily increase skb refcount to make sure this othe...
CVE-2023-52742
The CVE-2023-52742 entry concerns the Linux kernel USB plusb driver. The vulnerability arises from treating a zero-length control-OUT transfer as a read instead of a write, triggering a WARNING in urb.c when usb_submit_urb is executed. The provided connected details specify the root cause as inco...
CVE-2023-52701 net: use a bounce buffer for copying skb->mark
In the Linux kernel, the following vulnerability has been resolved: net: use a bounce buffer for copying skb-mark syzbot found arm64 builds would crash in sockrecvmark when CONFIGHARDENEDUSERCOPY=y x86 and powerpc are not detecting the issue because they define useraccessbegin. This will be handl...
CVE-2021-47376
In the Linux kernel, the following vulnerability has been resolved: bpf: Add oversize check before call kvcalloc Commit 7661809d493b "mm: don't allow oversized kvmalloc calls" add the oversize check. When the allocation is larger than what kmalloc supports, the following warning triggered: WARNIN...
CVE-2021-47370
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info-sizegoal - skb-len 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of tx cache...
CVE-2021-47419
In the Linux kernel, the following vulnerability has been resolved: net/sched: schtaprio: properly cancel timer from tapriodestroy There is a comment in qdisccreate about us not calling ops-reset in some cases. errout4: / Any broken qdiscs that would require a ops-reset here? The qdisc was never ...