PT-2022-7679 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a potential use-after-free in the hisi femac rx function. This occurs because the skb is delivered to napi gro receive, which may free it. After this,...

PT-2022-7678 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the function hix5hd2 rx in the Linux kernel, specifically in the module drivers/net/ethernet/hisilicon/hix5hd2 gmac.c. It involves the potential reuse of...

kernel: veth: ensure skb entering GRO are not cloned.

In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...

kernel: iavf: Fix reset error handling

A deadlock condition exists in the linux kernel such that when calling iavfclose in iavfresettask error handling,doing so can lead to double call of napidisable thereby leading to a denial of service due to the deadlock...

PT-2022-6768 · Linux +8 · Linux Kernel +8

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an out-of-bounds memory access flaw in the Linux kernel's TUN/TAP device driver functionality. This occurs when a user generates a malicious, overly large...

GSD-2022-1004816 net: tun: unlink NAPI from device on destruction

net: tun: unlink NAPI from device on destruction This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.251 by commit...

GSD-2022-1004728 net: tun: stop NAPI when detaching queues

net: tun: stop NAPI when detaching queues This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.204 by commit...

GSD-2022-1004445 net: tun: stop NAPI when detaching queues

net: tun: stop NAPI when detaching queues This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.53 by commit...

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0 12.18.0 and < 14.4.0.

...

DEBIAN-CVE-2021-29264

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are...

AZL-6546 CVE-2021-29264 affecting package kernel for versions less than 5.10.78.1-1

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are...

UBUNTU-CVE-2021-29264

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are...

CVE-2021-29264

An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are...

CVE-2021-29264

The CVE-2021-29264 issue affects the Linux kernel’s Freescale Gianfar Ethernet driver (drivers/net/ethernet/freescale/gianfar.c). A negative fragment size is computed in scenarios with an RX queue overrun when jumbo packets are used and NAPI is enabled, enabling a network attacker to crash the sy...

Linux kernel 安全漏洞

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A denial of service vulnerability exists in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Etherne...

PT-2020-4060 · Node.Js +8 · Node.Js +8

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 10.21.0 Node.js versions prior to 12.18.0 Node.js versions prior to 14.4.0 Description: The issue is related to memory corruption in the napi get value string functions, specifically napi get value string latin1, nap...

kernel: use-after-free read in napi_gro_frags() in the Linux kernel

A flaw was found in the Linux kernel’s implementation of GRO. This flaw allows an attacker with local access to crash the system...

RHEL 7 : kernel-rt (RHSA-2017:0091)

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

RHEL 7 : kernel-rt (RHSA-2016:0212)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0212 advisory. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's keys subsystem...