5 matches found
CVE-2024-26857
In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner header in geneverx syzbot triggered a bug in geneverx 1 Issue is similar to the one I fixed in commit 8d975c15c0cd "ip6tunnel: make sure to pull inner header in ip6tnlrcv" We have to save...
CVE-2024-26857
CVE-2024-26857 affects the Linux kernel, specifically the Geneve tunnel path. The issue stems from not safely handling skb/header state during inner header pull in geneve_rx(), risking uninitialized usage of headers after pskb_inet_may_pull(). The root cause is tied to how skb->network_header ...
SUSE CVE-2024-26641
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...
CVE-2024-26641 ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...
CVE-2024-26641
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...