Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059147 fixes several issues. The following security issues were fixed: CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6nhflushexceptions bsc1227651...

CLSA-2024-1727817758 Fix of 74 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6appenddata CVE-url: https://ubuntu.com/security/CVE-2021-47188 - scsi: ufs: core: Improve SCSI abort handling CVE-url: https://ubuntu.com/security/CVE-2024-26677 - rxrpc: Fix delayed ACKs to not set the...

CLSA-2024-1727690947 kernel: Fix of 80 CVEs

sch/netem: fix use after free in netemdequeue CVE-2024-46800 - VMCI: Fix use-after-free when removing resource in vmciresourceremove CVE-2024-46738 - drm/amdgpu: Fix out-of-bounds write warning CVE-2024-46725 - drm/amdgpu: Fix out-of-bounds read of dfv17channelnumber CVE-2024-46724 - drm/amdgpu:...

ipv6: prevent possible NULL dereference in rt6_probe()

...

kernel: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb-sk in ipvlanprocessv4,6outbound Raw packet from PFPACKET socket ontop of an IPv6-backed ipvlan device will hit WARNONONCE in skmcloop through schdirectxmit path. WARNING: CPU: 2 PID: 0 at net/core/sock.c:775...

golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

A flaw was found in the Go language standard library net/netip. The method Is IsPrivate, IsPublic, etc doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...

libndp: buffer overflow in route information length field

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information...

AZL-43279 CVE-2023-52340 affecting package kernel for versions less than 5.15.147.1-1

The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c maxsize threshold that can be consumed easily, e.g., leading to a denial of service network is unreachable errors when IPv6 packets are sent in a loop via a raw socket...

Medium: golang

Issue Overview: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip...

Improper Check for Unusual or Exceptional Conditions

Overview std/net/netip is a Go standard library package std/net/netip Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions. Go Vulnerability Report:The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6...

CVE-2021-47546

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6rulesuppress The kernel leaks memory when a fib rule is present in IPv6 nftables firewall rules and a suppressprefix rule is present in the IPv6 routing rules used by certain tools such as wg-quick. I...

UBUNTU-CVE-2021-47572

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled !CONFIGIPV6 we'll hit a NULL pointer dereference1 in the error path of nhcreateipv6 due to calling...

DEBIAN-CVE-2023-52698

In the Linux kernel, the following vulnerability has been resolved: calipso: fix memory leak in netlblcalipsoaddpass If IPv6 support is disabled at boot ipv6.disable=1, the calipsoinit - netlblcalipsoopsregister function isn't called, and the netlblcalipsoopsget function always returns NULL. In...

CVE-2023-37314

D-Link DAP-2622 DDP Set IPv6 Address Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

Cente middleware TCP/IP Network Series 安全漏洞

The Cente middleware TCP/IP Network Series is a series of network devices from Cente Japan. A security vulnerability exists in Cente middleware TCP/IP Network Series, which stems from improper checking of option length values in IPv6 NDP packets, resulting in out-of-bounds reads...

UBUNTU-CVE-2024-26665

In the Linux kernel, the following vulnerability has been resolved: tunnels: fix out of bounds access when building IPv6 PMTU error If the ICMPv6 error is built from a non-linear skb we get the following splat, BUG: KASAN: slab-out-of-bounds in docsum+0x220/0x240 Read of size 4 at addr...

Medium: kernel

Issue Overview: A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2parsecontexts function. Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts. CVE-2023-52434 A null pointer dereference flaw was found in t...

UBUNTU-CVE-2021-47126

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6nhflushexceptions Reported by syzbot: HEAD commit: 90c911ad Merge tag 'fixes' of git://git.kernel.org/pub/scm.. git tree:...

CVE-2021-46955

In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN: stack-out-of-bounds...

UBUNTU-CVE-2023-45232

EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability...