354 matches found
CVE-2024-26641
CVE-2024-26641 affects the Linux kernel’s IPv6/IP tunneling path. The issue arises in ip6_tunnel when receiving inner headers in __ip6_tnl_rcv(), which could access uninitialized data via a chained path (KMSAN warnings). The fix, as described in the description, is to call pskb_inet_may_pull() to...
CVE-2024-26638 nbd: always initialize struct msghdr completely
In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value can be uninitialized 1 struct msghdr got many new fields recently, we should always make sure their values is zero by default. 1 BUG: KMSAN...
CVE-2024-26636 llc: make llc_ui_sendmsg() more robust against bonding changes
In the Linux kernel, the following vulnerability has been resolved: llc: make llcuisendmsg more robust against bonding changes syzbot was able to trick llcuisendmsg, allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header 1 Like some others, llcuisendmsg...
CVE-2023-52604
A flaw was found in the jfs module in the Linux kernel. An out-of-bounds read vulnerability can be triggered due to a missing input validation before updating the leaf of a tree with a new value, resulting in a denial of service...
CVE-2023-52603
In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfsdtree.c:1971:9 index -2 is out of range for type...
CVE-2023-52603
In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfsdtree.c:1971:9 index -2 is out of range for type...
CVE-2023-52604 FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
In the Linux kernel, the following vulnerability has been resolved: FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:2867:6 index 196694 is out of range for type 's81365' aka 'signed char1365' CPU: 1...
CVE-2023-52604 FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
In the Linux kernel, the following vulnerability has been resolved: FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:2867:6 index 196694 is out of range for type 's81365' aka 'signed char1365' CPU: 1...
CVE-2023-52603 UBSAN: array-index-out-of-bounds in dtSplitRoot
In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfsdtree.c:1971:9 index -2 is out of range for type...
CVE-2023-52603
In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfsdtree.c:1971:9 index -2 is out of range for type...
CVE-2023-52603 UBSAN: array-index-out-of-bounds in dtSplitRoot
In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfsdtree.c:1971:9 index -2 is out of range for type...
CVE-2023-52599 jfs: fix array-index-out-of-bounds in diNewExt
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt Syz report UBSAN: array-index-out-of-bounds in fs/jfs/jfsimap.c:2360:2 index -878706688 is out of range for type 'struct iagctl128' CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted...
CVE-2023-52599 jfs: fix array-index-out-of-bounds in diNewExt
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt Syz report UBSAN: array-index-out-of-bounds in fs/jfs/jfsimap.c:2360:2 index -878706688 is out of range for type 'struct iagctl128' CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted...
CVE-2021-47092
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx-fail on emulationrequired Revert a relatively recent change that set vmx-fail if the vCPU is in L2 and emulationrequired is true, as that behavior is completely bogus. Setting vmx-fail and synthesizing ...
CVE-2023-52577
An out-of-bounds access flaw was found in dccpv4err and dccpv6err in the Linux kernel. This may lead to a crash...
CVE-2021-47106 netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix use-after-free in nftsetcatchalldestroy We need to use listforeachentrysafe iterator because we can not access @catchall after kfreercu call. syzbot reported: BUG: KASAN: use-after-free in...
CVE-2021-47106 netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix use-after-free in nftsetcatchalldestroy We need to use listforeachentrysafe iterator because we can not access @catchall after kfreercu call. syzbot reported: BUG: KASAN: use-after-free in...
CVE-2021-47092
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Always clear vmx-fail on emulationrequired Revert a relatively recent change that set vmx-fail if the vCPU is in L2 and emulationrequired is true, as that behavior is completely bogus. Setting vmx-fail and synthesizing ...
CVE-2021-47103
In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk-skrxdst to RCU rules syzbot reported various issues around early demux, one being included in this changelog 1 sk-skrxdst is using RCU protection without clearly documenting it. And following sequences in...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk-skrxdst to RCU rules syzbot reported various issues around early demux, one being included in this changelog 1 sk-skrxdst is using RCU protection without clearly documenting it. And following sequences in...