CVE-2022-48721 net/smc: Forward wakeup to smc socket waitqueue after fallback

In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be some socket waitqueue entries remaining in smc socket-wq, such as eppollentries inserted by userspace...

CVE-2022-48721 net/smc: Forward wakeup to smc socket waitqueue after fallback

In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be some socket waitqueue entries remaining in smc socket-wq, such as eppollentries inserted by userspace...

CVE-2022-48721 net/smc: Forward wakeup to smc socket waitqueue after fallback

In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be some socket waitqueue entries remaining in smc socket-wq, such as eppollentries inserted by userspace...

CVE-2022-48721

CVE-2022-48721 affects the Linux kernel net/smc: when SMC is used and a fallback to TCP occurs, some waitqueue entries previously inserted into smc_socket->wq may remain. After fallback, data flows over TCP and only clcsock->wq is woken, so applications (e.g., epoll) may miss wakeups for th...

CVE-2021-47593

In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets The mptcp ULP extension relies on sk-sksockkern being set correctly: It prevents setsockoptfd, IPPROTOTCP, TCPULP, "mptcp", 6; from working for plain tcp sockets any userspace-expose...

CVE-2022-48721

In the Linux kernel, the following vulnerability has been resolved: net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be some socket waitqueue entries remaining in smc socket-wq, such as eppollentries inserted by userspace...

DEBIAN-CVE-2021-47591

In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support TCPULP setsockopt cannot be used for mptcp because its already used internally to plumb subflow tcp sockets to the mptcp layer. syzbot managed to trigger a crash for mptcp connections that...

CVE-2021-47593

In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets The mptcp ULP extension relies on sk-sksockkern being set correctly: It prevents setsockoptfd, IPPROTOTCP, TCPULP, "mptcp", 6; from working for plain tcp sockets any userspace-expose...

DEBIAN-CVE-2021-47593

In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets The mptcp ULP extension relies on sk-sksockkern being set correctly: It prevents setsockoptfd, IPPROTOTCP, TCPULP, "mptcp", 6; from working for plain tcp sockets any userspace-expose...

UBUNTU-CVE-2021-47593

In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets The mptcp ULP extension relies on sk-sksockkern being set correctly: It prevents setsockoptfd, IPPROTOTCP, TCPULP, "mptcp", 6; from working for plain tcp sockets any userspace-expose...

CVE-2021-47591

CVE-2021-47591 affects the Linux kernel. The vulnerability arises from the TCP_ULP setsockopt mechanism, which is no longer supported for MPTCP as it is already used internally to connect subflow sockets to the MPTCP layer. In syzbot testing, a crash (KASAN null dereference) was observed on mptcp...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from syzbot triggering a crash of an mptcp connection that is in fallback mode...

kernel: usb: hub: Guard against accesses to uninitialized BOS descriptors

In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev-bos without checking if it was allocated and initialized. If...

CVE-2024-36889

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure sndnxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snduna: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 mptcpcleanuna+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules...

SUSE CVE-2021-47569

In the Linux kernel, the following vulnerability has been resolved: iouring: fail cancellation for EXITING tasks WARNING: CPU: 1 PID: 20 at fs/iouring.c:6269 iotrycanceluserdata+0x3c5/0x640 fs/iouring.c:6269 CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.16.0-rc1-syzkaller 0 Workqueue: events...

DEBIAN-CVE-2021-47569

In the Linux kernel, the following vulnerability has been resolved: iouring: fail cancellation for EXITING tasks WARNING: CPU: 1 PID: 20 at fs/iouring.c:6269 iotrycanceluserdata+0x3c5/0x640 fs/iouring.c:6269 CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.16.0-rc1-syzkaller 0 Workqueue: events...

UBUNTU-CVE-2021-47569

In the Linux kernel, the following vulnerability has been resolved: iouring: fail cancellation for EXITING tasks WARNING: CPU: 1 PID: 20 at fs/iouring.c:6269 iotrycanceluserdata+0x3c5/0x640 fs/iouring.c:6269 CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.16.0-rc1-syzkaller 0 Workqueue: events...

CVE-2024-23480

A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2...

CVE-2024-23480 Insecure MacOS code sign check fallback

A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2...

CVE-2024-23480

CVE-2024-23480 affects Zscaler Client Connector on macOS prior to version 4.2. The vulnerability arises from a fallback mechanism in code-sign checking that could allow arbitrary code execution. Impact is described in sources as potentially total for exploitation paths, with local/low complexity ...