6589 matches found

RedHat Linux
added 2023/11/28 5:57 p.m., 4 views

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

CVSS 10, AI score 6.8, EPSS 0.002
Exploits 0, References 5

ATTACKERKB
added 2023/11/28 4:15 p.m., 1 view

CVE-2023-49062

Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP v4 Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content ...

CVSS 7.5, AI score 5.8, EPSS 0.00178
Exploits 0, References 3

NVD
added 2023/11/28 4:15 p.m., 20 views

CVE-2023-49062

Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP v4 Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content ...

CVSS 7.5, EPSS 0.00178
Exploits 0, References 2

Prion
added 2023/11/28 4:15 p.m., 17 views

Design/Logic Flaw

Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP v4 Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content ...

CVSS 5, AI score 7, EPSS 0.00178
Exploits 0, References 2, Affected Software 1

Cvelist
added 2023/11/28 3:45 p.m., 22 views

CVE-2023-49062

Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP v4 Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content ...

AI score 7.5, EPSS 0.00178
Exploits 0, References 2

CVE
added 2023/11/28 3:45 p.m., 41 views

CVE-2023-49062

Summary: CVE-2023-49062 affects Meta Katran. After a bpf_xdp_adjust_head call, Katran could write uninitialized kernel memory into the IPv4 Identification field during IPv4 encapsulation (and ICMPv4 Too Big packet generation), exposing kernel memory content. This occurs in all Katran versions pri...

CVSS 7.5, AI score 7.3, EPSS 0.00178
Exploits 0, References 2, Affected Software 1

CNNVD
added 2023/11/28 12:00 a.m., 2 views

Meta Katran Security Vulnerability

Meta Katran is a C++ library and BPF program from Meta Corporation. It is used to build high-performance Layer 4 load-balanced forwarding planes. A security vulnerability exists in Meta Katran that stems from the ability to expose uninitialized kernel memory as part of an IP header...

CVSS 7.5, AI score 6.7, EPSS 0.00178
Exploits 0, References 2

SUSE CVE
added 2023/11/23 2:10 a.m., 1 view

SUSE CVE-2023-6238

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only a privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes...

CVSS 6.7, AI score 7.4, EPSS 0.00016
Exploits 0, References 11

ATTACKERKB
added 2023/11/21 9:15 p.m., 4 views

CVE-2023-6238

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only a privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes...

CVSS 6.7, AI score 6, EPSS 0.00016
Exploits 0, References 3

Prion
added 2023/11/21 9:15 p.m., 17 views

Buffer overflow

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only a privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes...

CVSS 4, AI score 6.6, EPSS 0.00016
Exploits 0, References 2, Affected Software 1

UbuntuCve
added 2023/11/21 9:15 p.m., 28 views

CVE-2023-6238

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only a privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes...

CVSS 6.7, AI score 6.8, EPSS 0.00016
Exploits 0, References 4

RedhatCVE
added 2023/11/21 4:22 p.m., 22 views

CVE-2023-6238

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only a privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes...

CVSS 6.7, AI score 7.5, EPSS 0.00016
Exploits 0, References 3

CNNVD
added 2023/11/20 12:00 a.m., 2 views

WithSecure products Security breaches

WithSecure products is a line of security software from the Finnish company WithSecure. A security vulnerability exists in WithSecure products that originates from a local elevation of privilege that allows an attacker with administrator privileges to corrupt kernel memory. Affected products and...

CVSS 7.8, AI score 6.6, EPSS 0.00056
Exploits 0, References 2

RedHat Linux
added 2023/11/14 3:46 p.m., 1 view

kernel: selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()

In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() The following warning was triggered on a hardware environment: SELinux: Converting 162 SID table entries... BUG: sleeping function called from invalid context ...

AI score 5.7, EPSS 0.00032
Exploits 0, References 5

RedHat Linux
added 2023/11/14 3:46 p.m., 8 views

kernel: net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()

An uninitialized memory access flaw was found in the Linux kernel's QRTR (Qualcomm IPC Router) protocol in the transmit resume handling. When processing RESUME_TX messages, if the packet size is smaller than the expected control structure, the qrtr_tx_resume() function reads uninitialized memory from th...

CVSS 7.8, AI score 7.2, EPSS 0.00017
Exploits 0, References 5

RedHat Linux
added 2023/11/14 3:46 p.m., 3 views

kernel: drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr()

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() If the number of pages from the userptr BO differs from the SG BO then the allocated memory for the SG table doesn't get freed before returning -EINVAL, which may lead to a memor...

AI score 6.8, EPSS 0.00024
Exploits 0, References 5

RedHat Linux
added 2023/11/07 9:03 a.m., 1 view

kernel: gpiolib: fix memory leak in gpiochip_setup_dev()

In the Linux kernel, the following vulnerability has been resolved: gpiolib: fix memory leak in gpiochip_setup_dev() Here is a backtrace report about memory leak detected in gpiochip_setup_dev(): unreferenced object 0xffff88810b406400 size 512: comm "python3", pid 1682, jiffies 4295346908 age 24.090s...

CVSS 5.5, AI score 6.5, EPSS 0.00016
Exploits 0, References 5

RedHat Linux
added 2023/11/07 9:03 a.m., 2 views

kernel: io_uring/rw: defer fsnotify calls to task context

A locking context violation was found in the Linux kernel's io_uring subsystem. The fsnotify calls were being made directly from kiocb completion context, which can execute in soft or hard IRQ context. This causes lockdep warnings when fsnotify attempts memory allocation with GFP_KERNEL flags, whic...

AI score 5.8, EPSS 0.00027
Exploits 0, References 5

RedHat Linux
added 2023/11/07 9:03 a.m., 0 views

kernel: ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds

A slab-out-of-bounds read vulnerability was found in the Linux kernel's ASoC tx-macro codec driver. The decimator variable was incorrectly sized at 32 bits, causing regcache_flat_read to access memory beyond the allocated slab when reading register cache values during the tx_macro_digital_mute...

AI score 5.8, EPSS 0.00032
Exploits 0, References 5

RedHat Linux
added 2023/11/07 9:03 a.m., 2 views

kernel: drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr()

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() If the number of pages from the userptr BO differs from the SG BO then the allocated memory for the SG table doesn't get freed before returning -EINVAL, which may lead to a memor...

AI score 6.8, EPSS 0.00024
Exploits 0, References 5