231 matches found
CVE-2024-27016
CVE-2024-27016 affects the Linux kernel netfilter flowtable path and is mitigated by a fix that ensures sufficient room to access the PPPoE header’s protocol field. The patch validates the protocol field before the flowtable lookup and uses a helper to access it, preventing out-of-bounds access. ...
CVE-2024-27016
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use a helper function to access protocol field...
CVE-2024-27016 netfilter: flowtable: validate pppoe header
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use a helper function to access protocol field...
CVE-2024-27016 netfilter: flowtable: validate pppoe header
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use a helper function to access protocol field...
CVE-2024-27015
CVE-2024-27015 affects the Linux kernel netfilter flowtable implementation. The issue is an incorrect pppoe tuple handling where the PPPoE header is expected at the network header offset, causing flowtable lookups to miss and PPPoE traffic to enter the classical forwarding path. Connected advisor...
CVE-2024-27015 netfilter: flowtable: incorrect pppoe tuple
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow...
CVE-2024-27015 netfilter: flowtable: incorrect pppoe tuple
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow...
CVE-2024-27015
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow...
CVE-2024-27015 netfilter: flowtable: incorrect pppoe tuple
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: unregister flowtable hooks on netns exit CVE-2022-48935 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: double hook unregistration in netns path...
kernel: netfilter: flowtable: fix stuck flows on cleanup due to pending work
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following sequence normally happens in order: 1 gcstep work is stopped to disable any further stats/del requests...
kernel: netfilter: flowtable_offload: fix using __this_cpu_add in preemptible
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtableoffload: fix using thiscpuadd in preemptible flowoffloadqueuework can be called in workqueue without bh disabled, like the call trace showed in my actct testing, calling NFFLOWTABLESTATINC there would cause a...
kernel: netfilter: flowtable: fix stuck flows on cleanup due to pending work
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following sequence normally happens in order: 1 gcstep work is stopped to disable any further stats/del requests...
GSD-2023-1000037 netfilter: flowtable_offload: fix using __this_cpu_add in preemptible
netfilter: flowtableoffload: fix using thiscpuadd in preemptible This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.13 by commit...
PT-2023-33114 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.13 Description: The issue is related to the use of this cpu add in preemptible context in flowtable offload in netfilter. The actual impact and attack plausibility have not yet been proven. Recommendations:...
kernel: netfilter: flowtable: fix stuck flows on cleanup due to pending work
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following sequence normally happens in order: 1 gcstep work is stopped to disable any further stats/del requests...
PT-2024-11841
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, related to the netfilter: flowtable offload. The issue arises when flow offload queue work is called in a workqueue without bh...
kernel: netfilter: flowtable: fix stuck flows on cleanup due to pending work
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following sequence normally happens in order: 1 gcstep work is stopped to disable any further stats/del requests...
PT-2025-25926
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.12.0 Description A vulnerability in the Linux kernel has been resolved, related to the netfilter flowtable. The issue occurs when a flow table entry has pending HW stats or HW add work, causing the flow table...
GSD-2022-1005453 netfilter: flowtable: fix stuck flows on cleanup due to pending work
netfilter: flowtable: fix stuck flows on cleanup due to pending work This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.64 by commit...