201 matches found
CVE-2024-35890
CVE-2024-35890 : In the Linux kernel, a GRO (generic receive offload) fraglist ownership transfer bug can lead to use-after-free/dos conditions when packets are GROed with fraglist. The issue arises because skb_gro_receive_list removes the socket reference but the skb_segment_list may reuse skbs ...
UBUNTU-CVE-2024-35857
In the Linux kernel, the following vulnerability has been resolved: icmp: prevent possible NULL dereferences from icmpbuildprobe First problem is a double call to indevgetrcu, because the second one could return NULL. if indevgetrcudev && indevgetrcudev-ifalist Second problem is a read from...
kernel: icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev()
In the Linux kernel, the following vulnerability has been resolved: icmp6: Fix null-ptr-deref of ip6nullentry-rt6iidev in icmp6dev. With some IPv6 Ext Hdr RPL, SRv6, etc., we can send a packet that has the link-local address as src and dst IP and will be forwarded to an external IP in the IPv6 Ex...
CLSA-2024-1713791075 Fix of 12 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-23307 - md/raid5: fix atomicity violation in raid5cachecount CVE-url: https://ubuntu.com/security/CVE-2021-46932 - Input: appletouch - initialize work before device registration CVE-url: https://ubuntu.com/security/CVE-2021-46936 - net: fix...
CLSA-2024-1713790844 Fix of 12 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-23307 - md/raid5: fix atomicity violation in raid5cachecount CVE-url: https://ubuntu.com/security/CVE-2021-46932 - Input: appletouch - initialize work before device registration CVE-url: https://ubuntu.com/security/CVE-2021-46936 - net: fix...
SUSE CVE-2024-26852
In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6routempathnotify syzbot found another use-after-free in ip6routempathnotify 1 Commit f7225172f25a "net/ipv6: prevent use after free in ip6routempathnotify" was not able to fix the root cause. We...
DEBIAN-CVE-2024-26852
In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6routempathnotify syzbot found another use-after-free in ip6routempathnotify 1 Commit f7225172f25a "net/ipv6: prevent use after free in ip6routempathnotify" was not able to fix the root cause. We...
UBUNTU-CVE-2024-26752
In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6appenddata l2tpip6sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the...
CVE-2024-26641
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...
DEBIAN-CVE-2024-26633
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: fix NEXTHDRFRAGMENT handling in ip6tnlparsetlvenclim syzbot pointed out 1 that NEXTHDRFRAGMENT handling is broken. Reading fragoff can only be done if we pulled enough bytes to skb-head. Currently we might access...
UBUNTU-CVE-2024-26633
In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: fix NEXTHDRFRAGMENT handling in ip6tnlparsetlvenclim syzbot pointed out 1 that NEXTHDRFRAGMENT handling is broken. Reading fragoff can only be done if we pulled enough bytes to skb-head. Currently we might access...
CVE-2021-47109
In the Linux kernel, the following vulnerability has been resolved: neighbour: allow NUDNOARP entries to be forced GCed IFFPOINTOPOINT interfaces use NUDNOARP entries for IPv6. It's possible to fill up the neighbour table with enough entries that it will overflow for valid connections after that...
CVE-2023-52527
CVE-2023-52527 involves the Linux kernel IPv4/IPv6 path: the handling of transhdrlen in __ip{,6}_append_data() could inflate the length when a packet is only partially filled (e.g., after MSG_MORE), risking duplicate transport header accounting. The issue can arise when splicing into an L2TP sock...
SUSE CVE-2013-2232
The ip6skdstcheck function in net/ipv6/ip6output.c in the Linux kernel before 3.10 allows local users to cause a denial of service system crash by using an AFINET6 socket for a connection to an IPv4 interface...
SUSE CVE-2013-3230
The l2tpip6recvmsg function in net/l2tp/l2tpip6.c in the Linux kernel before 3.9-rc7 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...
PT-2022-36238 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.78 Description: The issue is related to a warning in the ip6 route net exit late function. The actual impact and attack plausibility have not yet been proven. It was introduced in version v2.6.26 and fixed...
CVE-2022-25061
TP-LINK TL-WR840NESV6.20180709 was discovered to contain a command injection vulnerability via the component oalsetIp6DefaultRoute...
OSV-2020-1668 Memcpy-param-overlap in ot::Message::Write
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25226 Crash type: Memcpy-param-overlap Crash state: ot::Message::Write ot::Message::CopyTo ot::Ip6::Ip6::InsertMplOption...
OSV-2020-732 Stack-buffer-overflow in ot::MeshCoP::Leader::HandlePetition
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13537 Crash type: Stack-buffer-overflow READ 1 Crash state: ot::MeshCoP::Leader::HandlePetition ot::Coap::CoapBase::ProcessReceivedRequest ot::Ip6::Udp::HandleMessage...
OSV-2020-728 Stack-buffer-overflow in ot::Ip6::OptionPadN::Init
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14854 Crash type: Stack-buffer-overflow WRITE 9 Crash state: ot::Ip6::OptionPadN::Init ot::Ip6::Ip6::RemoveMplOption ot::Ip6::Ip6::ProcessReceiveCallback...