CVE-2024-47685

In the Linux kernel, CVE-2024-47685 patches nf_reject_ipv6: nf_reject_ip6_tcphdr_put() could push garbage into the four reserved TCP bits (th->res1) per KMSAN. The fix clears the entire TCP header using skb_put_zero(), aligning with nf_reject_ip_tcphdr_put(). Connected Astra Linux bulletin rep...

CVE-2024-26641 ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...

CVE-2023-52577 dccp: fix dccp_v4_err()/dccp_v6_err() again

In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccpv4err/dccpv6err again dh-dccphx is the 9th byte offset 8 in "struct dccphdr", not in the "byte 7" as Jann claimed. We need to make sure the ICMP messages are big enough, using more standard ways no more assumptions...