CVE-2024-39500 sock_map: avoid race between sock_map_close and sk_psock_put

In the Linux kernel, the following vulnerability has been resolved: sockmap: avoid race between sockmapclose and skpsockput skpsockget will return NULL if the refcount of psock has gone to 0, which will happen when the last call of skpsockput is done. However, skpsockdrop may not have finished ye...

CVE-2024-39500 sock_map: avoid race between sock_map_close and sk_psock_put

In the Linux kernel, the following vulnerability has been resolved: sockmap: avoid race between sockmapclose and skpsockput skpsockget will return NULL if the refcount of psock has gone to 0, which will happen when the last call of skpsockput is done. However, skpsockdrop may not have finished ye...

CVE-2024-39500 sock_map: avoid race between sock_map_close and sk_psock_put

In the Linux kernel, the following vulnerability has been resolved: sockmap: avoid race between sockmapclose and skpsockput skpsockget will return NULL if the refcount of psock has gone to 0, which will happen when the last call of skpsockput is done. However, skpsockdrop may not have finished ye...

CVE-2024-39467

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ixattrnid in sanitycheckinode syzbot reports a kernel bug as below: F2FS-fs loop0: Mounted with checkpoint version = 48b305e4 ================================================================== BUG:...

CVE-2024-39467 f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ixattrnid in sanitycheckinode syzbot reports a kernel bug as below: F2FS-fs loop0: Mounted with checkpoint version = 48b305e4 ================================================================== BUG:...

CVE-2024-39467

CVE-2024-39467 (Linux kernel, f2fs) is rooted in a missing sanity check for i_xattr_nid in f2fs_iget(). In the fiemap path this allows current_nat_addr() to read from nat_bitmap using an invalid i_xattr_nid, triggering a KASAN slab-out-of-bounds bug. The issue is fixed by adding the sanity check ...

CVE-2024-36286 netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: acquire rcureadlock in instancedestroyrcu syzbot reported that nfreinject could be called without rcureadlock : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a 0 Not tainted...

CVE-2024-36286

CVE-2024-36286 (Linux kernel) : Affects netfilter nfnetlink_queue logic where nf_reinject() could be called without proper rcu_read_lock, triggering suspicious RCU usage in instance_destroy_rcu. The Astra Linux security bulletin (connected doc) mirrors the Linux kernel fix and notes the vulnerabi...

CVE-2022-48726

In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...

CVE-2022-48726

In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...

CVE-2021-47588

In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6devfree from sitinitnet ipip6devfree is sit dev-privdestructor, already called by registernetdevice if something goes wrong. Alternative would be to make ipip6devfree robust against multiple invocations, but...

CVE-2022-48726 RDMA/ucma: Protect mc during concurrent multicast leaves

In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...

CVE-2022-48726 RDMA/ucma: Protect mc during concurrent multicast leaves

In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...

CVE-2021-47597

In the Linux kernel, the following vulnerability has been resolved: inetdiag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak 1, that can exploited by unpriv users. After analysis it turned out UDP was not initializing r-idiagexpires. Other users of inetskdiagfill might make...

CVE-2021-47597

In the Linux kernel, the following vulnerability has been resolved: inetdiag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak 1, that can exploited by unpriv users. After analysis it turned out UDP was not initializing r-idiagexpires. Other users of inetskdiagfill might make...

CVE-2021-47598

In the Linux kernel, the following vulnerability has been resolved: schcake: do not call cakedestroy from cakeinit qdiscs are not supposed to call their own destroy method from init, because core stack already does that. syzbot was able to trigger use after free: DEBUGLOCKSWARNONlock-magic != loc...

CVE-2021-47588

In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6devfree from sitinitnet ipip6devfree is sit dev-privdestructor, already called by registernetdevice if something goes wrong. Alternative would be to make ipip6devfree robust against multiple invocations, but...

CVE-2021-47588 sit: do not call ipip6_dev_free() from sit_init_net()

In the Linux kernel, the following vulnerability has been resolved: sit: do not call ipip6devfree from sitinitnet ipip6devfree is sit dev-privdestructor, already called by registernetdevice if something goes wrong. Alternative would be to make ipip6devfree robust against multiple invocations, but...

CVE-2024-36979 net: bridge: mst: fix vlan use-after-free

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage1 in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path br forward delay...

CVE-2024-36915

In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfcllcpsetsockopt unsafe copies syzbot reported unsafe calls to copyfromsockptr 1 Use copysafefromsockptr instead. 1 BUG: KASAN: slab-out-of-bounds in copyfromsockptroffset include/linux/sockptr.h:49 inline BUG:...