13 matches found
DEBIAN-CVE-2024-56636
In the Linux kernel, the following vulnerability has been resolved: geneve: do not assume mac header is set in genevexmitskb We should not assume mac header is set in output path. Use skbethhdr instead of ethhdr to fix the issue. sysbot reported the following : WARNING: CPU: 0 PID: 11635 at...
UBUNTU-CVE-2024-56636
In the Linux kernel, the following vulnerability has been resolved: geneve: do not assume mac header is set in genevexmitskb We should not assume mac header is set in output path. Use skbethhdr instead of ethhdr to fix the issue. sysbot reported the following : WARNING: CPU: 0 PID: 11635 at...
kernel: udp: do not accept non-tunnel GSO skbs landing in a tunnel
CVE-2024-35884 highlights a flaw in the Linux kernel's handling of UDP packets when Generic Receive Offload GRO forwarding is enabled. The issue occurs because non-tunnel UDP packets are sometimes mistakenly processed as if they belong to a tunnel. This can lead to data corruption or kernel...
kernel: udp: do not accept non-tunnel GSO skbs landing in a tunnel
CVE-2024-35884 highlights a flaw in the Linux kernel's handling of UDP packets when Generic Receive Offload GRO forwarding is enabled. The issue occurs because non-tunnel UDP packets are sometimes mistakenly processed as if they belong to a tunnel. This can lead to data corruption or kernel...
kernel: udp: do not accept non-tunnel GSO skbs landing in a tunnel
CVE-2024-35884 highlights a flaw in the Linux kernel's handling of UDP packets when Generic Receive Offload GRO forwarding is enabled. The issue occurs because non-tunnel UDP packets are sometimes mistakenly processed as if they belong to a tunnel. This can lead to data corruption or kernel...
CVE-2024-26857
In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner header in geneverx syzbot triggered a bug in geneverx 1 Issue is similar to the one I fixed in commit 8d975c15c0cd "ip6tunnel: make sure to pull inner header in ip6tnlrcv" We have to save...
openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet
A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled...
Openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet
...
SUSE CVE-2017-5342
In tcpdump before 4.9.0, a bug in multiple protocol parsers Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE could cause a buffer overflow in print-ether.c:etherprint...
kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints
A flaw was found in the Linux kernel. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone in between the two endpoints to read the traffic unencrypted. The main threat from this...
kernel: some ipv6 protocols not encrypted over ipsec tunnel
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...
ALPINE-CVE-2017-5342
In tcpdump before 4.9.0, a bug in multiple protocol parsers Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE could cause a buffer overflow in print-ether.c:etherprint...
UBUNTU-CVE-2017-5342
In tcpdump before 4.9.0, a bug in multiple protocol parsers Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE could cause a buffer overflow in print-ether.c:etherprint...