Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a page leak when building a skb in big mode...

UBUNTU-CVE-2024-35973

In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve6xmitskb syzbot is able to trigger an uninit-value in genevexmit 1 Problem : While most ip tunnel helpers like iptunnelgetdsfield uses skbprotocolskb, true, pskbinetmaypull is only using...

DEBIAN-CVE-2024-35890

In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skbsegmentlist those skbs can be reused as-is. This is an issue as their destructor was...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a skb panic problem in the net/mana module...

DEBIAN-CVE-2024-35856

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hcidevcdappend would free the skb on error so the caller don't have to free it again otherwise it would cause the double free of skb. Reported-by : Dan Carpenter...

DEBIAN-CVE-2024-27418

In the Linux kernel, the following vulnerability has been resolved: net: mctp: take ownership of skb in mctplocaloutput Currently, mctplocaloutput only takes ownership of skb on success, and we may leak an skb if mctplocaloutput fails in specific states; the skb ownership isn't transferred until...

DEBIAN-CVE-2024-27402

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skbqueueempty use The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skbpeek unexpectedly returning NULL or a pointer to an already dequeued socket buffer...

UBUNTU-CVE-2024-27402

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skbqueueempty use The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skbpeek unexpectedly returning NULL or a pointer to an already dequeued socket buffer...

CVE-2024-27402

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skbqueueempty use The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skbpeek unexpectedly returning NULL or a pointer to an already dequeued socket buffer...

UBUNTU-CVE-2024-27418

In the Linux kernel, the following vulnerability has been resolved: net: mctp: take ownership of skb in mctplocaloutput Currently, mctplocaloutput only takes ownership of skb on success, and we may leak an skb if mctplocaloutput fails in specific states; the skb ownership isn't transferred until...

CVE-2024-27402

CVE-2024-27402 affects the Linux kernel’s phonet/pep path. The description states a race in skb_queue_empty() is mishandled: receive queues are protected by their spin-locks, not the socket lock, which can cause skb_peek() to return NULL or a pointer to a socket buffer that has already been deque...

CVE-2024-27402 phonet/pep: fix racy skb_queue_empty() use

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skbqueueempty use The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skbpeek unexpectedly returning NULL or a pointer to an already dequeued socket buffer...

PT-2024-21882

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the mctp local output function in the Linux kernel, which only takes ownership of the skb on success. If mctp local output fails in specific states, it may leak a...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from allowing the driver to prompt for SKB recycling...

AZL-40509 CVE-2024-26953 affecting package hyperv-daemons for versions less than 5.15.158.2-1

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from pagepool When the skb is reorganized during espoutput !esp-inline, the pages coming from the original skb fragments are supposed to be released back to the system through putpage. But if t...

UBUNTU-CVE-2024-26959

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix btnxpuartclose Fix scheduling while atomic BUG in btnxpuartclose, properly purge the transmit queue and free the receive skb. 10.973809 BUG: scheduling while atomic: kworker/u9:0/80/0x00000002...

kernel: GC's deletion of an SKB races with unix_stream_read_generic() leading to UAF

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unixstreamreadgeneric on the socket that the SKB is queued on...

kernel: Bluetooth: L2CAP: Fix potential user-after-free

A use-after-free flaw was identified in the Linux kernel’s Bluetooth L2CAP implementation. In certain conditions, when allocating a socket buffer via allocskb, the kernel may release and later reacquire the channel lock; if the channel is disconnected in the meantime, a subsequent reference to th...

kernel: wifi: ath12k: Avoid NULL pointer access during management transmit cleanup

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid NULL pointer access during management transmit cleanup Currently 'ar' reference is not added in skbcb. Though this is generally not used during transmit completion callbacks, on interface removal the remaining...

DEBIAN-CVE-2022-48637

In the Linux kernel, the following vulnerability has been resolved: bnxt: prevent skb UAF after handing over to PTP worker When reading the timestamp is required bnxttxint hands over the ownership of the completed skb to the PTP worker. The skb should not be used afterwards, as the worker may run...