3 matches found
Security update for the Linux Kernel (Live Patch 52 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122189 fixes several issues. The following security issues were fixed: CVE-2022-48686: Fixed UAF when detecting digest errors bsc1226337. CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. CVE-2022-48956...
kernel: nvme-tcp: fix UAF when detecting digest errors
A use-after-free vulnerability was found in the Linux kernel in drivers/nvme/host/tcp.c in nvmetcpiowork. This issue can occur when a local user continues to read data after the connection finishes. This flaw allows a malicious user to cause a use-after-free problem...
CVE-2022-48686
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors We should also bail from the iowork loop when we set rdenabled to true, so we don't attempt to read data from the socket when the TCP stream is already out-of-sync or corrupted...