96 matches found
CVE-2024-37151 Suricata defrag: IP ID reuse can lead to policy bypass
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When usin...
CVE-2024-37151 Suricata defrag: IP ID reuse can lead to policy bypass
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When usin...
CVE-2024-37151
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When usin...
CVE-2024-37151 Suricata defrag: IP ID reuse can lead to policy bypass
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When usin...
CVE-2024-37151
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When usin...
SUSE CVE-2021-47508
In the Linux kernel, the following vulnerability has been resolved: btrfs: free exchange changeset on failures Fstests runs on my VMs have show several kmemleak reports like the following. unreferenced object 0xffff88811ae59080 size 64: comm "xfsio", pid 12124, jiffies 4294987392 age 6.368s hex...
UBUNTU-CVE-2021-47508
In the Linux kernel, the following vulnerability has been resolved: btrfs: free exchange changeset on failures Fstests runs on my VMs have show several kmemleak reports like the following. unreferenced object 0xffff88811ae59080 size 64: comm "xfsio", pid 12124, jiffies 4294987392 age 6.368s hex...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use CVE-2024-26921 In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect CVE-2024-26923 In the...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use CVE-2024-26921 In the Linux kernel, the following vulnerability has been resolved: afunix: Fix garbage collector racing against connect CVE-2024-26923 In the...
CVE-2024-32867 Suricata's defrag contains various issues leading to policy bypass
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19...
SUSE CVE-2024-26921
In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use iplocalout and other functions can pass skb-sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be...
UBUNTU-CVE-2024-26921
In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use iplocalout and other functions can pass skb-sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be...
CVE-2024-26921
CVE-2024-26921 is a Linux kernel issue where in the tx path, skb fragments could trigger a use-after-free of the socket when fragments are reassembled and the skb->sk field is freed prematurely. The fix, analyzed by Eric Dumazet, moves orphaning to the last safe moment, delaying skb->sk des...
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().
...
SUSE CVE-2023-3111
A use after free vulnerability was found in preparetorelocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfsioctlbalance before calling btrfsioctldefrag...
AZL-27087 CVE-2023-3111 affecting package kernel for versions less than 5.15.116.1-2
A use after free vulnerability was found in preparetorelocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfsioctlbalance before calling btrfsioctldefrag...
DEBIAN-CVE-2023-3111
A use after free vulnerability was found in preparetorelocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfsioctlbalance before calling btrfsioctldefrag...
UBUNTU-CVE-2023-3111
A use after free vulnerability was found in preparetorelocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfsioctlbalance before calling btrfsioctldefrag...
GSD-2022-1000723 btrfs: defrag: allow defrag_one_cluster() to skip large extent which is not a target
btrfs: defrag: allow defragonecluster to skip large extent which is not a target This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.12 by...
GSD-2022-1000602 btrfs: defrag: fix wrong number of defragged sectors
btrfs: defrag: fix wrong number of defragged sectors This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.5 by commit...