SUSE CVE-2024-26887

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Fix memory leak This checks if CONFIGDEVCOREDUMP is enabled before attempting to clone the skb and also make sure btmtkprocesscoredump frees the skb passed following the same logic...

SUSE CVE-2024-26825

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rxdatareassembly skb on NCI device cleanup rxdatareassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet wit...

SUSE CVE-2024-26857

In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner header in geneverx syzbot triggered a bug in geneverx 1 Issue is similar to the one I fixed in commit 8d975c15c0cd "ip6tunnel: make sure to pull inner header in ip6tnlrcv" We have to save...

DEBIAN-CVE-2024-26825

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rxdatareassembly skb on NCI device cleanup rxdatareassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet wit...

SUSE CVE-2024-26750

In the Linux kernel, the following vulnerability has been resolved: afunix: Drop oobskb ref before purging queue in GC. syzbot reported another task hung in unixgc. 0 The current while loop assumes that all of the left candidates have oobskb and calling kfreeskboobskb releases the remaining...

SUSE CVE-2024-26804

In the Linux kernel, the following vulnerability has been resolved: net: iptunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in skbflowdissect+0x19d1/0x7a50 net/core/flowdissector.c:1170 Read of size 1 at addr ffff88812fb4000e by task...

UBUNTU-CVE-2024-26739

In the Linux kernel, the following vulnerability has been resolved: net/sched: actmirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcfmirredforward, yet, we need to tell the core to drop the skb by setting the retcode to SHOT. If we have...

DEBIAN-CVE-2024-26676

In the Linux kernel, the following vulnerability has been resolved: afunix: Call kfreeskb for dead unixsk-oobskb in GC. syzbot reported a warning 0 in unixgc with a repro, which creates a socketpair and sends one socket's fd to itself using the peer. socketpairAFUNIX, SOCKSTREAM, 0, 3, 4 = 0...

DEBIAN-CVE-2021-47162

In the Linux kernel, the following vulnerability has been resolved: tipc: skblinearize the head skb when reassembling msgs It's not a good idea to append the frag skb to a skb's fraglist if the fraglist already has skbs from elsewhere, such as this skb was created by pskbcopy where the fraglist w...

UBUNTU-CVE-2021-47162

In the Linux kernel, the following vulnerability has been resolved: tipc: skblinearize the head skb when reassembling msgs It's not a good idea to append the frag skb to a skb's fraglist if the fraglist already has skbs from elsewhere, such as this skb was created by pskbcopy where the fraglist w...

DEBIAN-CVE-2021-47137

In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails,...

UBUNTU-CVE-2021-47146

In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mldnewpack mldnewpack doesn't allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skbput. Test commands: ip netns del A ip netns de...

UBUNTU-CVE-2021-47137

In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails,...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ability of a program to spoof llcuisendmsg to allocate a skb with no margin...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel has a security vulnerability that stems from the presence of a skb leak...

net: prevent mss overflow in skb_segment()

...

SUSE CVE-2023-52532

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

DEBIAN-CVE-2021-47099

In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...

DEBIAN-CVE-2023-52532

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

UBUNTU-CVE-2023-52532

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...