84 matches found
SDN-Based False Data Detection with Its Mitigation and Machine Learning Robustness for In-Vehicle Networks
As the development of autonomous and connected vehicles advances, the complexity of modern vehicles increases, with numerous Electronic Control Units ECUs integrated into the system. In an in-vehicle network, these ECUs communicate with one another using an standard protocol called Controller Are...
CVE-2022-29605
An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that does not support IPv6. Improper handling of the difference in capabilities of the intent and switch is misleading to a network operator...
CVE-2022-29609
An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator...
CVE-2022-29606
An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network...
CVE-2021-38364
An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents...
CVE-2019-1010250
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator or attacker can install unintended flow rules in the switch by mistake. The component is: createFlow and createFlows functions in FlowWebResource.java RESTful service. The...
CVE-2019-1010252
The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator or attacker can install unintended flow rules in the switch by mistake. The component is: applyFlowRules and apply functions in FlowRuleManager.java. The attack vector is:...
CVE-2022-49919
CVE-2022-49919 : In the Linux kernel, the nf_tables flow rule object release path was fixed. The underlying issue was a use-after-free (UAF) triggered by races with the netlink notifier, observed when the flow rule object is accessed only from the control plane (no data packets traverse it). The ...
UBUNTU-CVE-2024-53121
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and unlock the FTE. - Lock...
BEC-ware the Phish (part 3): Detect and Prevent Incidents in M365
TL;DR Take lessons learned from investigation, such as reviewing how emails evaded existing phishing controls to update anti-malware policies. Configure Defender for Office and Defender for Cloud Apps threat and alert policies to prevent and detect email-based attacks. Don’t rely on out-of-the-bo...
kernel: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5lagcreateportseltable, instead of previously created rules, the tainted pointer is deleted deveral times. Fix this...
SUSE SLES15: kernel-azure / kernel-azure-devel / kernel-devel-azure / etc (SUSE-SU-2024:2896-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2896-1 advisory. The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were...
CVE-2024-40940
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5lagcreateportseltable, instead of previously created rules, the tainted pointer is deleted deveral times. Fix this...
CVE-2024-40940
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5lagcreateportseltable, instead of previously created rules, the tainted pointer is deleted deveral times. Fix this...
DEBIAN-CVE-2024-40940
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5lagcreateportseltable, instead of previously created rules, the tainted pointer is deleted deveral times. Fix this...
CVE-2024-40940
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5lagcreateportseltable, instead of previously created rules, the tainted pointer is deleted deveral times. Fix this...
CVE-2024-40940 net/mlx5: Fix tainted pointer delete is case of flow rules creation fail
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5lagcreateportseltable, instead of previously created rules, the tainted pointer is deleted deveral times. Fix this...
CVE-2024-40940
The CVE-2024-40940 issue affects the Linux kernel mlx5 driver (net/mlx5). The root cause is in mlx5_lag_create_port_sel_table(): when a flow rule creation fails, the tainted pointer is deleted multiple times instead of using the correct flow rule pointers. The bug is fixed by using the correct fl...
CVE-2024-40940 net/mlx5: Fix tainted pointer delete is case of flow rules creation fail
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5lagcreateportseltable, instead of previously created rules, the tainted pointer is deleted deveral times. Fix this...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue with the net/mlx5 component that duplicates pointers to delete created rules when creating flow rul...