RHSA-2005:232 Red Hat Security Advisory: ipsec-tools security update

Bulletin has no description...

RHSA-2004:308 Red Hat Security Advisory: ipsec-tools security update

Bulletin has no description...

AZL-49590 CVE-2024-46678 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bonding: change ipseclock from spin lock to mutex In the cited commit, bond-ipseclock is added to protect ipseclist, hence xdodevstateadd and xdodevstatedelete are called inside this lock. As ipseclock is a spin lock and such...

CVE-2024-46678 bonding: change ipsec_lock from spin lock to mutex

In the Linux kernel, the following vulnerability has been resolved: bonding: change ipseclock from spin lock to mutex In the cited commit, bond-ipseclock is added to protect ipseclist, hence xdodevstateadd and xdodevstatedelete are called inside this lock. As ipseclock is a spin lock and such...

Unspecified vulnerability in Linux kernel (CNVD-2024-39477)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an IPsec RoCE MPV trace call issue with the net/mlx5 component. No detailed vulnerability details are provid...

CVE-2024-45017

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...

CVE-2024-45017

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...

CVE-2024-45017 net/mlx5: Fix IPsec RoCE MPV trace call

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...

CVE-2024-45017

CVE-2024-45017 concerns the Linux kernel mlx5 IPsec RoCE functionality. A fix was implemented to prevent a call trace when creating IPsec over a slave device if the master does not support IPsec. The vulnerability path involves mlx5_ipsec_fs_roce_tx_destroy and related xfrm state destruction, lea...

CVE-2024-45017 net/mlx5: Fix IPsec RoCE MPV trace call

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...

CVE-2024-45017 net/mlx5: Fix IPsec RoCE MPV trace call

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...

CVE-2024-45017

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...

CVE-2024-7734

An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peers...

CVE-2024-7734 Phoenix Contact: Multiple mGuard devices are vulnerable to a drain of open file descriptors.

An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peers...

CVE-2024-7734 Phoenix Contact: Multiple mGuard devices are vulnerable to a drain of open file descriptors.

An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peers...

CVE-2024-7734

CVE-2024-7734 affects Phoenix Contact FL MGUARD (mGuard) devices; pathfinder TCP encapsulation service can be abused by establishing a high volume of TCP connections, causing a denial of service that blocks valid IPsec VPN peers. Public references in Red Hat and related advisories confirm unauthe...

Zyxel USG FLEX 4.16 < 5.39 Multiple Vulnerabilities

The Firmware version of the Zyxel USG FLEX device is affected by multiple vulnerabilities: - A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50W series...

SUSE CVE-2024-44990

In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bondipsecoffloadok We must check if there is an active slave before dereferencing the pointer...

DEBIAN-CVE-2024-44990

In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bondipsecoffloadok We must check if there is an active slave before dereferencing the pointer...

UBUNTU-CVE-2024-44989

In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm realdev null pointer dereference We shouldn't set realdev to NULL because packets can be in transit and xfrm might call xdodevoffloadok in parallel. All callbacks assume realdev is set. Example trace: kernel: BU...