CVE-2024-56751

In the Linux kernel, the following vulnerability has been resolved: ipv6: release nexthop on device removal The CI is hitting some aperiodic hangup at device removal time in the pmtu.sh self-test: unregisternetdevice: waiting for vethA-R1 to become free. Usage count = 6 reftracker:...

UBUNTU-CVE-2024-41081

In the Linux kernel, the following vulnerability has been resolved: ila: block BH in ilaoutput As explained in commit 1378817486d6 "tipc: block BH before using dstcache", net/core/dstcache.c helpers need to be called with BH disabled. ilaoutput is called from lwtunneloutput possibly from process...

CVE-2024-41081 ila: block BH in ila_output()

In the Linux kernel, the following vulnerability has been resolved: ila: block BH in ilaoutput As explained in commit 1378817486d6 "tipc: block BH before using dstcache", net/core/dstcache.c helpers need to be called with BH disabled. ilaoutput is called from lwtunneloutput possibly from process...

CVE-2024-41081

CVE-2024-41081: Linux kernel vulnerability in ila_output() where race against softirq/RCU could corrupt net/dst_cache data if ila_output() is interrupted and re-entered under rcu_read_lock(). The root cause is attempting to block BH in ila_output() without disabling local BH, leading to potential...

CVE-2024-36971 net: fix __dst_negative_advice() race

In the Linux kernel, the following vulnerability has been resolved: net: fix dstnegativeadvice race dstnegativeadvice does not enforce proper RCU rules when sk-dstcache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk-skdstcache, then call dstreleaseolddst. Note...

CVE-2024-36971

CVE-2024-36971 is a Linux kernel vulnerability where __dst_negative_advice() did not enforce correct RCU rules when sk->dst_cache needed clearing, allowing a possible use-after-free. The issue arises from the wrong clearance order relative to dst_release(old_dst); ip6_negative_advice() has spe...