kernel: skbuff: fix coalescing for page_pool fragment recycling
In the Linux kernel, the following vulnerability has been resolved: skbuff: fix coalescing for page_pool fragment recycling. Fix a use-after-free when using page_pool with page fragments. We encountered this problem during normal RX in the hns3 driver: 1. Initially we have three descriptors in the RX...
kernel: veth: ensure skb entering GRO are not cloned.
In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...
PT-2022-35451 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.152 Description: The issue is related to a possible NULL dereference in the skb clone function. This problem was introduced in version v3.17 and is fixed in Linux Kernel version v5.10.152. The actual impac...
PT-2022-35023 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3 Description: A potential memory leak issue has been identified. The issue is related to the wifi driver rtw89 and the handling of unused skb. The actual impact and attack plausibility have not yet been...
kernel: veth: Ensure eth header is in skb's linear part
In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part. After feeding a decapsulated packet to a veth device with act_mirred, skb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(), which expects at least ETH_HLEN byte of linear data as...
CVE-2022-3636
A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this...
CVE-2022-3586
A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued and freed into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing...
DEBIAN-CVE-2022-3586
A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued and freed into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing...
UBUNTU-CVE-2022-3586
A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued and freed into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing...
PT-2022-34711 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 2.6.39 through 4.9.327 Description: The issue is related to a potential security problem in the Linux Kernel, where it is assumed that a certain packet skb remains available after being added to a queue for a child...
Vulnerability of the __bpf_skb_max_len() function (net/core/filter.c) in the Linux operating system’s kernel, which allows an intruder to access potentially confidential information
The vulnerability in the __bpf_skb_max_len() function (net/core/filter.c) in the Linux operating system kernel is related to an out-of-bounds memory read. Exploiting this vulnerability could allow an attacker to access potentially confidential information...
PT-2022-33302 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.6 Description: The issue is related to data-races around sysctl_max_skb_frags. The actual impact and attack plausibility have not yet been proven. It was introduced in version v4.5 and fixed in Linux Kerne...
Easy Chat Server 3.1 - Remote Stack Buffer Overflow (SEH) Exploit
Exploit Title: Easy Chat Server 3.1 - Remote Stack Buffer Overflow SEH Exploit Author: r00tpgp @ http://www.r00tpgp.com Usage: python easychat-exploit.py Spawns reverse meterpreter LHOST=192.168.0.162 LPORT=1990 CVE: CVE-2004-2466 Installer: http://www.echatserver.com/ Tested on: Microsoft Window...
Xen security vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen that...
The vulnerability of the skb_page_frag_refill parameter in the implementation of the Linux-based operating system kernel for IPSec protocols allows an attacker to cause a service failure.
The vulnerability of the “skb_page_frag_refill” parameter in the implementation of the Linux-based operating system’s IPSec kernel protocol is related to buffer overflow in the stack. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
PT-2025-53981
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A memory leak could occur in the rtw89 Wi-Fi driver under power saving mode. The issue involves failing to free an unused skb (socket buffer), potentially leading to memory exhaustion over...
SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3969-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3969-1 advisory. - Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of al...
DEBIAN-CVE-2021-43976
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic)...