CVE-2023-53863

In the Linux kernel, the following vulnerability has been resolved: netlink: do not hard code device address lenth in fdb dumps syzbot reports that some netdev devices do not have a six bytes address 1 Replace ETHALEN by dev-addrlen. 1 Case of a device where dev-addrlen = 4 BUG: KMSAN:...

CVE-2023-53863 netlink: do not hard code device address lenth in fdb dumps

In the Linux kernel, the following vulnerability has been resolved: netlink: do not hard code device address lenth in fdb dumps syzbot reports that some netdev devices do not have a six bytes address 1 Replace ETHALEN by dev-addrlen. 1 Case of a device where dev-addrlen = 4 BUG: KMSAN:...

CVE-2024-42154

In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: validate source addr length I don't see anything checking that TCPMETRICSATTRSADDRIPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all neither does it for IPv6 but v6 is manual...

CVE-2024-42154

CVE-2024-42154 : In the Linux kernel, the vulnerability is in tcp_metrics: validate source addr length. The issue is that TCP_METRICS_ATTR_SADDR_IPV4 may be stored with fewer than 4 bytes and the policy lacks an entry for this attribute (IPv6 similarly manually validated). Root cause: missing len...