12 matches found
CVE-2024-50293
Technical details about CVE-2024-50293 (net/smc dangling sk in __smc_create) are not publicly provided in the supplied documents. Monitor for updates from official advisories.
CVE-2024-50256
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfrejectipv6: fix potential crash in nfsendreset6 I got a syzbot report without a repro 1 crashing in nfsendreset6 I think the issue is that dev-hardheaderlen is zero, and we attempt later to push an Ethernet header. U...
CVE-2024-50155
In the Linux kernel, the following vulnerability has been resolved: netdevsim: use condresched in nsimdevtrapreportwork I am still seeing many syzbot reports hinting that syzbot might fool nsimdevtrapreportwork with hundreds of ports 1 Lets use condresched, and systemunboundwq instead of implicit...
CVE-2024-47719 iommufd: Protect against overflow of ALIGN() during iova allocation
In the Linux kernel, the following vulnerability has been resolved: iommufd: Protect against overflow of ALIGN during iova allocation Userspace can supply an iova and uptr such that the target iova alignment becomes really big and ALIGN overflows which corrupts the selected area range during...
CVE-2021-47395
In the Linux kernel, the following vulnerability has been resolved: mac80211: limit injected vht mcs/nss in ieee80211parsetxradiotap Limit max values for vht mcs and nss in ieee80211parsetxradiotap routine in order to fix the following warning reported by syzbot: WARNING: CPU: 0 PID: 10717 at...
CVE-2024-35892
CVE-2024-35892 stems from a Linux kernel net/sched issue where qdisc_tree_reduce_backlog() was called with the qdisc lock held while RTNL was not held, triggering a lockdep splat due to unsafe RCU usage. The fix switches from qdisc_lookup() to qdisc_lookup_rcu() to safely dereference qdisc data u...
CVE-2024-26641 ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...
CVE-2024-26641 ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...
CVE-2024-26638 nbd: always initialize struct msghdr completely
In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value can be uninitialized 1 struct msghdr got many new fields recently, we should always make sure their values is zero by default. 1 BUG: KMSAN...
CVE-2023-52603 UBSAN: array-index-out-of-bounds in dtSplitRoot
In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfsdtree.c:1971:9 index -2 is out of range for type...
CVE-2023-52528
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in smsc75xxreadreg syzbot reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in smsc75xxwaitready...
CVE-2021-46992
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: avoid overflows in nfthashbuckets Number of buckets being stored in 32bit variables, we have to ensure that no overflows occur in nfthashbuckets syzbot injected a size == 0x40000000 and reported: UBSAN:...