Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to properly set icsksynmss when handling the IPROTOSMC protocol, which could lead to kernel null...

PT-2024-33874

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.0-rc7-syzkaller-g5f5673607153 Description: The issue is related to a panic on IPPROTO SMC in the Linux kernel. When INET PROTOSW ICSK is set, icsk-icsk sync mss must also be set. The problem occurs due to a...

PT-2023-5941 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the implementation of the TCP/IP protocol stack in Windows operating systems, which lacks sufficient protection of service data. This can be exploited by a remote...

PT-2023-5125 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a denial-of-service vulnerability in the implementation of the TCP/IP protocol in Windows operating systems, caused by insufficient input validation. This can allow ...

CLSA-2023-1686585068 kernel: Fix of 26 CVEs

cgroup: Use open-time cgroup namespace for process migration perm checks CVE-2021-4197 - cgroup: Use open-time credentials for process migraton perm checks CVE-2021-4197 - cgroup: cgroup.procs,threads factor out common parts - cgroup: unify attach permission checking - vt: drop old FONT ioctls...

USN-6068-1 openvswitch vulnerability

David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service...

OESA-2023-1234 openvswitch security update

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixes: A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifyin...

openvswitch: ip proto 0 triggers incorrect handling

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

Design/Logic Flaw

An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from next-header ah' from being properly installed in the packet forwarding engine PFE. There is no...

openvswitch: ip proto 0 triggers incorrect handling

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

openvswitch: ip proto 0 triggers incorrect handling

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0 OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow but with an incorrect action possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.

...

AZL-35088 CVE-2023-1668 affecting package openvswitch for versions less than 2.17.5-3

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

DEBIAN-CVE-2023-1668

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

AZL-26031 CVE-2023-1668 affecting package openvswitch for versions less than 2.17.5-2

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

UBUNTU-CVE-2023-1668

A flaw was found in openvswitch OVS. When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results for both kernel and userspace datapath in installing a datapath flow matching all IP protocols nwproto is wildcarded...

PT-2023-9382

Name of the Vulnerable Software and Affected Versions openvswitch affected versions not specified Description A flaw was found in openvswitch OVS when processing an IP packet with protocol 0. This issue results in installing a datapath flow matching all IP protocols for this flow, but with an...

SUSE CVE-2018-10244

Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check...

CVE-2022-30262

The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have n...

Design/Logic Flaw

The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have n...