11 matches found
kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free
A vulnerability was found in isosockkill in net/bluetooth/iso.c in Bluetooth protocol stack in the Linux Kernel. In this flaw if the conn-sk is not set to NULL may lead to UAF on isoconnfree...
kernel: tcp: make sure init the accept_queue's spinlocks once
In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the acceptqueue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: 19 PID: 21160 at...
kernel: Bluetooth: SCO: Fix UAF on sco_sock_timeout
A use-after-free vulnerability was found in the Linux kernel's Bluetooth SCO. When scosocktimeout is called, conn-sk may be unlinked/freed while waiting for scoconnlock. This checks if the conn-sk is still valid by checking if it is part of scosklist, leading to a loss of availability and system...
DEBIAN-CVE-2024-50125
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on scosocktimeout conn-sk maybe have been unlinked/freed while waiting for scoconnlock so this checks if the conn-sk is still valid by checking if it part of scosklist...
UBUNTU-CVE-2024-50125
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on scosocktimeout conn-sk maybe have been unlinked/freed while waiting for scoconnlock so this checks if the conn-sk is still valid by checking if it part of scosklist...
DEBIAN-CVE-2024-26741
In the Linux kernel, the following vulnerability has been resolved: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after checkestalblished. syzkaller reported a warning 0 in inetcskdestroysock with no repro. WARNONinetsksk-inetnum && !inetcsksk-icskbindhash; However, the syzkaller's log...
kernel: denial of service in tipc_conn_close
A data race flaw was found in the Linux kernel, between where con is allocated and con-sock is set. This issue leads to a NULL pointer dereference when accessing con-sock-sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel...
OESA-2023-1177 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In bindertransactionbufferrelease of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...
OESA-2023-1178 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In bindertransactionbufferrelease of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...
SUSE CVE-2023-1382
A data race flaw was found in the Linux kernel, between where con is allocated and con-sock is set. This issue leads to a NULL pointer dereference when accessing con-sock-sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel...
BSA-2017-351
Security Advisory ID : BSA-2017-351 Component : Linux Kernel Revision : 3.0: Interim Theinetcskclonelockfunction in net/ipv4/inetconnectionsock.cin the Linux kernel allows attackers to cause a denial of service double free or possibly have unspecified other impact by leveraging use of the accept...