CVE-2021-47395 mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap

In the Linux kernel, the following vulnerability has been resolved: mac80211: limit injected vht mcs/nss in ieee80211parsetxradiotap Limit max values for vht mcs and nss in ieee80211parsetxradiotap routine in order to fix the following warning reported by syzbot: WARNING: CPU: 0 PID: 10717 at...

CVE-2021-47376

CVE-2021-47376 is a Linux kernel issue where an oversize allocation in kmalloc path could trigger a warning during BPF verification. The provided description and connected advisories indicate the fix adds an oversize check before kvcalloc() via the commit that introduces the guard in mm/kvmalloc(...

CVE-2021-47370 mptcp: ensure tx skbs always have the MPTCP ext

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info-sizegoal - skb-len 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of tx cache...

CVE-2021-47370

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info-sizegoal - skb-len 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of tx cache...

CVE-2021-47370

CVE-2021-47370 affects the Linux kernel and concerns the MPTCP path: a signed/unsigned comparison in the code path that refills the TX cache can misbehave when size_goal is smaller than skb->len, causing the core TCP path to allocate an skb without the MPTCP extension. The fix rewrites the exp...

CVE-2021-47370 mptcp: ensure tx skbs always have the MPTCP ext

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info-sizegoal - skb-len 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of tx cache...

CVE-2021-47230

CVE-2021-47230 affects the Linux kernel KVM on x86. The vulnerability arises from a lack of synchronization between the vCPU SMM flag and the MMU’s SMM flag, so that when RSM is not emulated correctly, KVM can bail out and leave the MMU in an inconsistent state. This misalignment can cause a NULL...

CVE-2021-47230 KVM: x86: Immediately reset the MMU context when the SMM flag is cleared

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Immediately reset the MMU context when the SMM flag is cleared Immediately reset the MMU context when the vCPU's SMM flag is cleared so that the SMM flag in the MMU role is always synchronized with the vCPU's flag. If R...

Virtuozzo Hybrid Infrastructure 6.1 Update 1 (6.1.1-35)

In this release, Virtuozzo Hybrid Infrastructure enables virtual CPU and RAM overcommitment per node, as well as provides stability and performance improvements, and addresses issues found in previous releases. Vulnerability id: VSTOR-49565 Network errors occur when migrating a VM that was...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a vulnerability in the cxl/mem module...

CVE-2024-35976 xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING

In the Linux kernel, the following vulnerability has been resolved: xsk: validate user input for XDPUMEM|COMPLETIONFILLRING syzbot reported an illegal copy in xsksetsockopt 1 Make sure to validate setsockopt @optlen parameter. 1 BUG: KASAN: slab-out-of-bounds in copyfromsockptroffset...

CVE-2024-35973 geneve: fix header validation in geneve[6]_xmit_skb

In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve6xmitskb syzbot is able to trigger an uninit-value in genevexmit 1 Problem : While most ip tunnel helpers like iptunnelgetdsfield uses skbprotocolskb, true, pskbinetmaypull is only using...

CVE-2024-35892

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix lockdep splat in qdisctreereducebacklog qdisctreereducebacklog is called with the qdisc lock held, not RTNL. We must use qdisclookuprcu instead of qdisclookup syzbot reported: WARNING: suspicious RCU usage...

CVE-2024-35896

In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 "bpf: Try to avoid kzalloc in cgroup/s,getsockopt" setsockopt @optlen argument should be...

CVE-2024-35892

CVE-2024-35892 stems from a Linux kernel net/sched issue where qdisc_tree_reduce_backlog() was called with the qdisc lock held while RTNL was not held, triggering a lockdep splat due to unsafe RCU usage. The fix switches from qdisc_lookup() to qdisc_lookup_rcu() to safely dereference qdisc data u...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6767-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6767-1 advisory. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of- bounds read vulnerability. An attacker...

CVE-2022-48689

CVE-2022-48689 pertains to a Linux kernel issue in TCP zerocopy where pfmemalloc status could be misinterpreted by page_is_pfmemalloc() in certain paths. The Astra Linux note confirms the advisory and reiterates the same vulnerability in the kernel and notes a prereq backport: 84ce071e38a6 (net: ...

CVE-2022-48689 tcp: TX zerocopy should not sense pfmemalloc status

In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report 1 showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or other layers, using...

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control C&C infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of...

CVE-2024-27070

Summary (CVE-2024-27070): The Linux kernel f2fs subsystem is affected by a use-after-free in f2fs_filemap_fault. The root cause is that vmf->vma may be not alive after filemap_fault(), causing an invalid access to vmf->vma->vm_flags in trace_f2fs_filemap_fault. The fix is to keep vm_flag...