CVE-2024-36915

CVE-2024-36915 concerns the Linux kernel’s NFC LLCP path where nfc_llcp_setsockopt() could unsafe-copy from user-supplied sockptr data, triggering a slab-out-of-bounds read. Symptom traces show reads of 4 bytes at a user task, linked to copy_from_sockptr() and inline copy_from_sockptr_offset; the...

CVE-2024-35962

In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that doreplace handlers use copyfromsockptr which I fixed, followed by unsafe copyfromsockptroffset calls. In all functions, we can perform the @optlen...

CVE-2024-35976 xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING

In the Linux kernel, the following vulnerability has been resolved: xsk: validate user input for XDPUMEM|COMPLETIONFILLRING syzbot reported an illegal copy in xsksetsockopt 1 Make sure to validate setsockopt @optlen parameter. 1 BUG: KASAN: slab-out-of-bounds in copyfromsockptroffset...

CVE-2024-35962 netfilter: complete validation of user input

In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that doreplace handlers use copyfromsockptr which I fixed, followed by unsafe copyfromsockptroffset calls. In all functions, we can perform the @optlen...