CVE-2024-26834 netfilter: nft_flow_offload: release dst in case direct xmit path is used

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftflowoffload: release dst in case direct xmit path is used Direct xmit does not use it since it calls devqueuexmit to send packets, hence it calls dstrelease. kmemleak reports: unreferenced object 0xffff88814f440900...

CVE-2024-26834

The CVE-2024-26834 entry concerns the Linux kernel netfilter NFT_FLOW_OFFLOAD path. TECHNICAL DETAILS (from connected docs): Direct xmit path avoids calling dst_release() due to using dev_queue_xmit(), leaving a kmemleak-reported unreferenced object and a route stack path that can affect packet r...

CVE-2021-47103

In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk-skrxdst to RCU rules syzbot reported various issues around early demux, one being included in this changelog 1 sk-skrxdst is using RCU protection without clearly documenting it. And following sequences in...

CVE-2021-47103 inet: fully convert sk->sk_rx_dst to RCU rules

In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk-skrxdst to RCU rules syzbot reported various issues around early demux, one being included in this changelog 1 sk-skrxdst is using RCU protection without clearly documenting it. And following sequences in...

CVE-2021-47103 inet: fully convert sk->sk_rx_dst to RCU rules

In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk-skrxdst to RCU rules syzbot reported various issues around early demux, one being included in this changelog 1 sk-skrxdst is using RCU protection without clearly documenting it. And following sequences in...