DEBIAN-CVE-2021-47607

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPFCMPXCHG on a high level has the following parameters: .-old-val .-new-val BPFR0 = cmpxchg32,64DSTREG + insn-off, BPFR0, SRCREG -mem-loc...

UBUNTU-CVE-2021-47603

In the Linux kernel, the following vulnerability has been resolved: audit: improve robustness of the audit queue handling If the audit daemon were ever to get stuck in a stopped state the kernel's kauditdthread could get blocked attempting to send audit records to the userspace audit daemon. With...

DEBIAN-CVE-2024-38554

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issue of netdevice There is a reference count leak issue of the object "netdevice" in ax25devdevicedown. When the ax25 device is shutting down, the ax25devdevicedown drops the reference count of...

UBUNTU-CVE-2024-38557

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor...

UBUNTU-CVE-2024-38575

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: pcie: handle randbuf allocation failure The kzalloc in brcmfpciedownloadfwnvram will return null if the physical memory has run out. As a result, if we use getrandombytes to generate random bytes in the randbuf, t...

kernel: i2c: validate user data in compat ioctl

In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2ctransfer, ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data in compact ioctl to...

kernel: usb: ulpi: Fix debugfs directory leak

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: Fix debugfs directory leak The ULPI per-device debugfs root is named after the ulpi device's parent, but ulpiunregisterinterface tries to remove a debugfs directory named after the ulpi device itself. This results in t...

SUSE CVE-2024-36946

In the Linux kernel, the following vulnerability has been resolved: phonet: fix rtmphonetnotify skb allocation fillroute stores three components in the skb: - struct rtmsg - RTADST u8 - RTAOIF u32 Therefore, rtmphonetnotify should use NLMSGALIGNsizeofstruct rtmsg + nlatotalsize1 + nlatotalsize4...

CVE-2024-36905

In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdownSENDSHUTDOWN for TCPSYNRECV sockets TCPSYNRECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash 1, syzbot managed to trigger a divide by zero in...

DEBIAN-CVE-2024-36935

In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is...

UBUNTU-CVE-2024-36940

In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrlenable The "pctldev" struct is allocated in devmpinctrlregisterandinit. It's a devm managed pointer that is freed by devmpinctrldevrelease, so freeing it in pinctrlenable will lead t...

CVE-2024-36915 nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies

In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfcllcpsetsockopt unsafe copies syzbot reported unsafe calls to copyfromsockptr 1 Use copysafefromsockptr instead. 1 BUG: KASAN: slab-out-of-bounds in copyfromsockptroffset include/linux/sockptr.h:49 inline BUG:...

CVE-2024-36906 ARM: 9381/1: kasan: clear stale stack poison

In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: 33.452494 ================================================================== 33.453513 BUG: KASAN: stack-out-of-bounds in...

DEBIAN-CVE-2023-52881

In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The ACK value is considered...

SUSE CVE-2021-47519

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanreadfifo: fix memory leak in error branch In mcanreadfifo, if the second call to mcanfiforead fails, the function jump to the outfail label and returns without calling mcanreceiveskb. This means that the skb...

SUSE CVE-2021-47402

In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: protect flwalk with rcu Patch that refactored flwalk to use idrforeachentrycontinueul also removed rcu protection of individual filters which causes following use-after-free when filter is deleted concurrently...

UBUNTU-CVE-2021-47511

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix negative period/buffer sizes The period size calculation in OSS layer may receive a negative value as an error, but the code there assumes only the positive values and handle them with sizet. Due to that, a to...

SUSE CVE-2021-47347

In the Linux kernel, the following vulnerability has been resolved: wl1251: Fix possible buffer overflow in wl1251cmdscan Function wl1251cmdscan calls memcpy without checking the length. Harden by checking the length is within the maximum allowed size...

DEBIAN-CVE-2024-36013

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2capconnect Extend a critical section to prevent chan from early freeing. Also make the l2capconnect return type void. Nothing is using the returned value but it is ugly to return a...

SUSE CVE-2021-47482

In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadvncmeshfree. The problem was in wrong error handling in batadvmeshinit. Before this patch batadvmeshinit was calling batadvmeshfree in case of any...