kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice

A flaw was found in the Linux kernel’s IP framework for transforming packets XFRM subsystem. An error while resolving policies in xfrmbundlelookup causes the refcount to drop twice, leading to a possible crash and a denial of service...

kernel: xfrm: out-of-bounds read of XFRMA_MTIMER_THRESH nlattr

A flaw was found in the Linux kernel’s IP framework for transforming packets XFRM subsystem. This issue may allow a malicious user with CAPNETADMIN privileges to cause a 4 byte out-of-bounds read of XFRMAMTIMERTHRESH when parsing netlink attributes, leading to potential leakage of sensitive heap...

Linux kernel 缓冲区错误漏洞

The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a race condition found in the Linux kernel's IP framework for transforming packets the XFRM subsystem when multiple calls to...