354 matches found
CVE-2021-47103 inet: fully convert sk->sk_rx_dst to RCU rules
In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk-skrxdst to RCU rules syzbot reported various issues around early demux, one being included in this changelog 1 sk-skrxdst is using RCU protection without clearly documenting it. And following sequences in...
CVE-2021-47103 inet: fully convert sk->sk_rx_dst to RCU rules
In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk-skrxdst to RCU rules syzbot reported various issues around early demux, one being included in this changelog 1 sk-skrxdst is using RCU protection without clearly documenting it. And following sequences in...
CVE-2023-52577
In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccpv4err/dccpv6err again dh-dccphx is the 9th byte offset 8 in "struct dccphdr", not in the "byte 7" as Jann claimed. We need to make sure the ICMP messages are big enough, using more standard ways no more assumptions...
CVE-2023-52577
In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccpv4err/dccpv6err again dh-dccphx is the 9th byte offset 8 in "struct dccphdr", not in the "byte 7" as Jann claimed. We need to make sure the ICMP messages are big enough, using more standard ways no more assumptions...
CVE-2023-52577 dccp: fix dccp_v4_err()/dccp_v6_err() again
In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccpv4err/dccpv6err again dh-dccphx is the 9th byte offset 8 in "struct dccphdr", not in the "byte 7" as Jann claimed. We need to make sure the ICMP messages are big enough, using more standard ways no more assumptions...
CVE-2023-52577 dccp: fix dccp_v4_err()/dccp_v6_err() again
In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccpv4err/dccpv6err again dh-dccphx is the 9th byte offset 8 in "struct dccphdr", not in the "byte 7" as Jann claimed. We need to make sure the ICMP messages are big enough, using more standard ways no more assumptions...
CVE-2023-52528 net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in smsc75xxreadreg syzbot reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in smsc75xxwaitready...
CVE-2023-52528
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in smsc75xxreadreg syzbot reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in smsc75xxwaitready...
CVE-2021-47078 RDMA/rxe: Clear all QP fields if creation failed
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxeqpdocleanup relies on valid pointer values in QP for the properly created ones, but in case rxeqpfrominit failed it was filled with garbage and caused tot the following error...
CVE-2021-47078
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxeqpdocleanup relies on valid pointer values in QP for the properly created ones, but in case rxeqpfrominit failed it was filled with garbage and caused tot the following error...
CVE-2021-46992
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nfthashbuckets Number of buckets being stored in 32bit variables, we have to ensure that no overflows occur in nfthashbuckets syzbot injected a size == 0x40000000 and reported: UBSAN:...
CVE-2021-46992
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nfthashbuckets Number of buckets being stored in 32bit variables, we have to ensure that no overflows occur in nfthashbuckets syzbot injected a size == 0x40000000 and reported: UBSAN:...
CVE-2021-46992 netfilter: nftables: avoid overflows in nft_hash_buckets()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nfthashbuckets Number of buckets being stored in 32bit variables, we have to ensure that no overflows occur in nfthashbuckets syzbot injected a size == 0x40000000 and reported: UBSAN:...
CVE-2021-46992 netfilter: nftables: avoid overflows in nft_hash_buckets()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nfthashbuckets Number of buckets being stored in 32bit variables, we have to ensure that no overflows occur in nfthashbuckets syzbot injected a size == 0x40000000 and reported: UBSAN:...
CVE-2021-46915
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftlimit: avoid possible divide error in nftlimitinit divu64 divides u64 by u32. nftlimitinit wants to divide u64 by u64, use the appropriate math function div64u64 divide error: 0000 1 PREEMPT SMP KASAN CPU: 1 PID: 83...
CVE-2021-46915 netfilter: nft_limit: avoid possible divide error in nft_limit_init
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftlimit: avoid possible divide error in nftlimitinit divu64 divides u64 by u32. nftlimitinit wants to divide u64 by u64, use the appropriate math function div64u64 divide error: 0000 1 PREEMPT SMP KASAN CPU: 1 PID: 83...
CVE-2021-46915 netfilter: nft_limit: avoid possible divide error in nft_limit_init
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftlimit: avoid possible divide error in nftlimitinit divu64 divides u64 by u32. nftlimitinit wants to divide u64 by u64, use the appropriate math function div64u64 divide error: 0000 1 PREEMPT SMP KASAN CPU: 1 PID: 83...
CVE-2023-52435 net: prevent mss overflow in skb_segment()
In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skbsegment Once again syzbot is able to crash the kernel in skbsegment 1 GSOBYFRAGS is a forbidden value, but unfortunately the following computation in skbsegment can reach it quite easily : mss = ms...
Jenkins Google Compute Engine Plugin has incorrect permission checks
Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier does not correctly perform permission checks in multiple HTTP endpoints. This allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to do the following: - Enumerate...
GHSA-PGPJ-83G3-MFR2 Jenkins Google Compute Engine Plugin has incorrect permission checks
Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier does not correctly perform permission checks in multiple HTTP endpoints. This allows attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to do the following: - Enumerate...