174 matches found
kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference
A use-after-free flaw was found in the dotlsgetsockopt function in net/tls/tlsmain.c in the Transport Layer Security TLS in the Network subcompact in the Linux kernel. This flaw allows an attacker to cause a NULL pointer dereference problem due to a race condition...
kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference
A use-after-free flaw was found in the dotlsgetsockopt function in net/tls/tlsmain.c in the Transport Layer Security TLS in the Network subcompact in the Linux kernel. This flaw allows an attacker to cause a NULL pointer dereference problem due to a race condition...
kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference
A use-after-free flaw was found in the dotlsgetsockopt function in net/tls/tlsmain.c in the Transport Layer Security TLS in the Network subcompact in the Linux kernel. This flaw allows an attacker to cause a NULL pointer dereference problem due to a race condition...
SUSE CVE-2023-28466
dotlsgetsockopt in net/tls/tlsmain.c in the Linux kernel through 6.2.6 lacks a locksock call, leading to a race condition with a resultant use-after-free or NULL pointer dereference...
AZL-25661 CVE-2023-28466 affecting package kernel for versions less than 5.15.107.1-2
dotlsgetsockopt in net/tls/tlsmain.c in the Linux kernel through 6.2.6 lacks a locksock call, leading to a race condition with a resultant use-after-free or NULL pointer dereference...
DEBIAN-CVE-2023-28466
dotlsgetsockopt in net/tls/tlsmain.c in the Linux kernel through 6.2.6 lacks a locksock call, leading to a race condition with a resultant use-after-free or NULL pointer dereference...
PT-2023-2332 · Linux +9 · Linux Kernel +9
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.2.7 Description: The issue is related to a race condition in the Linux kernel's TLS protocol implementation, specifically in the do tls getsockopt conf and do tls setsockopt conf functions in the net/tls/tls...
K16349: Linux kernel vulnerability CVE-2009-0676
Security Advisory Description Description The sockgetsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SOBSDCOMPAT getsockopt reques...
SUSE CVE-2006-1343
net/ipv4/netfilter/ipconntrackcore.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nfconntrackl3protoipv4.c in 2.6, does not clear sockaddrin.sinzero before returning IPv4 socket names from the getsockopt function with SOORIGINALDST, which allows local users to obtain portions of...
SUSE CVE-2009-0676
The sockgetsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SOBSDCOMPAT getsockopt request...
SUSE CVE-2010-3081
The compatallocuserspace functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the...
SUSE CVE-2010-4529
Integer underflow in the irdagetsockopt function in net/irda/afirda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMPENUMDEVICES getsockopt call...
SUSE CVE-2011-2492
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to 1 the l2capsockgetsockoptold function in...
SUSE CVE-2013-1828
The sctpgetsockoptassocstats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copyfromuser operation, which allows local users to gain privileges via a crafted application that contains an SCTPGETASSOCSTATS getsockopt system call...
SUSE CVE-2013-1827
net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash by leveraging the CAPNETADMIN capability for a certain 1 sender or 2 receiver getsockopt call...
SUSE CVE-2013-4588
Multiple stack-based buffer overflows in net/netfilter/ipvs/ipvsctl.c in the Linux kernel before 2.6.33, when CONFIGIPVS is used, allow local users to gain privileges by leveraging the CAPNETADMIN capability for 1 a getsockopt system call, related to the doipvsgetctl function, or 2 a setsockopt...
SUSE CVE-2018-6555
The irdasetsockopt function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux kernel before 4.17 allows local users to cause a denial of service iasobject use-after-free and system crash or possibly have unspecified other impact via an AFIRDA socket...
SUSE CVE-2021-20194
There is a vulnerability in the linux kernel versions higher than 5.2 if kernel compiled with config params CONFIGBPFSYSCALL=y , CONFIGBPF=y , CONFIGCGROUPS=y , CONFIGCGROUPBPF=y , CONFIGHARDENEDUSERCOPY not set, and BPF hook to getsockopt is registered. As result of BPF execution, the local user...
SUSE CVE-2022-3566
A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcpgetsockopt/tcpsetsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assign...
DEBIAN-CVE-2022-3566
A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcpgetsockopt/tcpsetsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assign...