1252 matches found
UBUNTU-CVE-2024-50163
In the Linux kernel, the following vulnerability has been resolved: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap The bpf_redirect_info is shared between the SKB and XDP redirect paths, and the two paths use the same numeric flag values in the ri->flags field specifically,...
CVE-2024-50170 net: bcmasp: fix potential memory leak in bcmasp_xmit()
In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix potential memory leak in bcmasp_xmit() The bcmasp_xmit() returns NETDEV_TX_OK without freeing skb in case of mapping fails, add dev_kfree_skb() to fix it...
CVE-2024-50168 net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
In the Linux kernel, the following vulnerability has been resolved: net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() The sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skb in case of skb->len being too long, add dev_kfree_skb() to fix it...
kernel: ibmvnic: Add tx check to prevent skb leak
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak Below is a summary of how the driver stores a reference to an skb during transmit: tx_buff[free_map[consumer_index]]->skb = new_skb; free_map[consumer_index] = IBMVNIC_INVALID_MAP; consumer_index ++; Whe...
SUSE CVE-2024-49938
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Syzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly ju...
SUSE CVE-2022-48960
In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free...
SUSE CVE-2022-48962
In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free...
SUSE CVE-2022-49015
In the Linux kernel, the following vulnerability has been resolved: net: hsr: Fix potential use-after-free The skb is delivered to netif_rx() which may free it, after calling this, dereferencing skb may trigger use-after-free...
AZL-51242 CVE-2024-50035 affecting package kernel for versions less than 6.6.57.1-1
In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async_encode() [1] In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_encode() is called with an empty skb. BUG: KMSAN: uninit-value in ppp_async_encod...
DEBIAN-CVE-2022-49008
In the Linux kernel, the following vulnerability has been resolved: can: can327: can327_feed_frame_to_netdev(): fix potential skb leak when netdev is down In can327_feed_frame_to_netdev(), it did not free the skb when netdev is down, and all callers of can327_feed_frame_to_netdev() did not free allocated skb too...
DEBIAN-CVE-2022-49017
In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetch skb cb after tipc_msg_validate As the call trace shows, the original skb was freed in tipc_msg_validate(), and dereferencing the old skb cb would cause an use-after-free crash. BUG: KASAN: use-after-free in...
DEBIAN-CVE-2022-49015
In the Linux kernel, the following vulnerability has been resolved: net: hsr: Fix potential use-after-free The skb is delivered to netif_rx() which may free it, after calling this, dereferencing skb may trigger use-after-free...
UBUNTU-CVE-2022-49026
In the Linux kernel, the following vulnerability has been resolved: e100: Fix possible use after free in e100_xmit_prepare In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will resend the skb. But the skb is already free...
UBUNTU-CVE-2022-48958
In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in greth_init_rings() The greth_init_rings() function won't free the newly allocated skb when dma_mapping_error() returns error, so add dev_kfree_skb() to fix it. Compile tested only...
UBUNTU-CVE-2022-48960
In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free...
UBUNTU-CVE-2022-48964
In the Linux kernel, the following vulnerability has been resolved: ravb: Fix potential use-after-free in ravb_rx_gbeth() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free...
DEBIAN-CVE-2024-49978
In the Linux kernel, the following vulnerability has been resolved: gso: fix udp gso fraglist segmentation after pull from fraglist Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly. Valid...
CVE-2024-49938 wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Syzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly ju...
SUSE CVE-2024-47713
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Since '__dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do_stop() ... spin_lock_irqsave(&local->queue_stop_reason_lock, flags)...
AZL-51156 CVE-2024-47713 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Since '__dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do_stop() ... spin_lock_irqsave(&local->queue_stop_reason_lock, flags)...