UBUNTU-CVE-2022-48722

In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: ca8210: Stop leaking skb's Upon error the ieee802154xmitcomplete helper is not called. Only ieee802154wakequeue is called manually. We then leak the skb structure. Free the skb structure upon error before returni...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an overflow problem in the net:amd-xgbe module skb...

DEBIAN-CVE-2021-47606

In the Linux kernel, the following vulnerability has been resolved: net: netlink: afnetlink: Prevent empty skb by adding a check on len. Adding a check on len parameter to avoid empty skb. This prevents a division error in netemenqueue function which is caused when skb-len=0 and skb-datalen=0 in...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the afnetlink component's lack of a length check on skb...

kernel: bluetooth: bt_sock_ioctl race condition leads to use-after-free in bt_sock_recvmsg

A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the btsockrecvmsg and btsockioctl functions could lead to a use-after-free on a socket buffer "skb". This flaw allows a local user to cause a denial of service condition or potential code execution...

SUSE CVE-2022-3586

A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the schsfb enqueue function used the socket buffer SKB cb field after the same SKB had been enqueued and freed into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing...

PT-2024-32143

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue arises in the Linux kernel's net/mlx5e module, specifically with the SHAMPO Shared Header And Memory Pool Optimization feature. Under certain conditions, a new skb socket buffe...

SUSE CVE-2024-36903

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in ip6makeskb As it was done in commit fc1092f51567 "ipv4: Fix uninit-value access in ipmakeskb" for IPv4, check FLOWIFLAGKNOWNNH on fl6-flowi6flags instead of testing HDRINCL on the socket...

SUSE CVE-2024-36954

In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipcbufappend skblinearize doesn't free the skb when it fails, so move 'buf = NULL' after skblinearize, so that the skb can be freed on the err path...

UBUNTU-CVE-2024-36927

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in ipmakeskb KMSAN reported uninit-value access in ipmakeskb 1. ipmakeskb tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt2 with...

UBUNTU-CVE-2024-36954

In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipcbufappend skblinearize doesn't free the skb when it fails, so move 'buf = NULL' after skblinearize, so that the skb can be freed on the err path...

SUSE CVE-2021-47519

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanreadfifo: fix memory leak in error branch In mcanreadfifo, if the second call to mcanfiforead fails, the function jump to the outfail label and returns without calling mcanreceiveskb. This means that the skb...

DEBIAN-CVE-2021-47519

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanreadfifo: fix memory leak in error branch In mcanreadfifo, if the second call to mcanfiforead fails, the function jump to the outfail label and returns without calling mcanreceiveskb. This means that the skb...

UBUNTU-CVE-2021-47519

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanreadfifo: fix memory leak in error branch In mcanreadfifo, if the second call to mcanfiforead fails, the function jump to the outfail label and returns without calling mcanreceiveskb. This means that the skb...

SUSE CVE-2023-52846

In the Linux kernel, the following vulnerability has been resolved: hsr: Prevent use after free in prpcreatetaggedframe The prpfillrct function can fail. In that situation, it frees the skb and returns NULL. Meanwhile on the success path, it returns the original skb. So it's straight forward to f...

SUSE CVE-2021-47301

In the Linux kernel, the following vulnerability has been resolved: igb: Fix use-after-free error during reset Cleans the next descriptor to watch nexttowatch when cleaning the TX ring. Failure to do so can cause invalid memory accesses. If igbpoll runs while the controller is reset this can lead...

SUSE CVE-2021-47302

In the Linux kernel, the following vulnerability has been resolved: igc: Fix use-after-free error during reset Cleans the next descriptor to watch nexttowatch when cleaning the TX ring. Failure to do so can cause invalid memory accesses. If igcpoll runs while the controller is being reset this ca...

SUSE CVE-2023-52701

In the Linux kernel, the following vulnerability has been resolved: net: use a bounce buffer for copying skb-mark syzbot found arm64 builds would crash in sockrecvmark when CONFIGHARDENEDUSERCOPY=y x86 and powerpc are not detecting the issue because they define useraccessbegin. This will be handl...

kernel: ip6_vti: fix slab-use-after-free in decode_session6

A use-after-free vulnerability was found in the IPv6 VTI Virtual Tunnel Interface implementation in the Linux kernel. When an IPv6 VTI device uses the SFB Stochastic Fair Blue qdisc, the control block cb field of an skb can be modified during packet enqueuing. The decodesession6 function then rea...

kernel: ipv4: NULL pointer dereference in ipv4_send_dest_unreach()

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer skb was assumed to be associated with a device before calling ipoptionscompile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAPNETADMIN privileges t...