CVE-2024-35890

CVE-2024-35890 : In the Linux kernel, a GRO (generic receive offload) fraglist ownership transfer bug can lead to use-after-free/dos conditions when packets are GROed with fraglist. The issue arises because skb_gro_receive_list removes the socket reference but the skb_segment_list may reuse skbs ...

CVE-2024-35890 gro: fix ownership transfer

In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skbsegmentlist those skbs can be reused as-is. This is an issue as their destructor was...

CVE-2024-35884 udp: do not accept non-tunnel GSO skbs landing in a tunnel

In the Linux kernel, the following vulnerability has been resolved: udp: do not accept non-tunnel GSO skbs landing in a tunnel When rx-udp-gro-forwarding is enabled UDP packets might be GROed when being forwarded. If such packets might land in a tunnel this can cause various issues and...

CVE-2024-35884 udp: do not accept non-tunnel GSO skbs landing in a tunnel

In the Linux kernel, the following vulnerability has been resolved: udp: do not accept non-tunnel GSO skbs landing in a tunnel When rx-udp-gro-forwarding is enabled UDP packets might be GROed when being forwarded. If such packets might land in a tunnel this can cause various issues and...