CVE-2024-50121

CVE-2024-50121 affects the Linux kernel component nfsd, specifically the race where nfsd_shrinker_work may be cancelled in nfs4_state_shutdown_net without waiting for the shrinker to exit. This can cause warnings and use-after-free scenarios when unhashing and destroying nfsd clients during net s...

CVE-2021-47370 mptcp: ensure tx skbs always have the MPTCP ext

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info-sizegoal - skb-len 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of tx cache...

CVE-2024-35929 rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()

In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix WARNONONCE in the rcunocbbypasslock For the kernels built with CONFIGRCUNOCBCPUDEFAULTALL=y and CONFIGRCULAZY=y, the following scenarios will trigger WARNONONCE in the rcunocbbypasslock and rcunocbwaitcontended...

CVE-2024-35929 rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()

In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix WARNONONCE in the rcunocbbypasslock For the kernels built with CONFIGRCUNOCBCPUDEFAULTALL=y and CONFIGRCULAZY=y, the following scenarios will trigger WARNONONCE in the rcunocbbypasslock and rcunocbwaitcontended...

CVE-2022-48689

In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report 1 showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or other layers, using...

CVE-2021-47219

In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Fix out-of-bound read in respreporttgtpgs The following issue was observed running syzkaller: BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 inline BUG: KASAN: slab-out-of-bounds in...

CVE-2021-47219

CVE-2021-47219 involves the Linux kernel SCSI subsystem, specifically the scsi_debug path, where an out-of-bounds read occurs in resp_report_tgtpgs() due to an incorrect handling of lengths. The issue can manifest as a negative alen when userspace supplies a large length, enabling a slab/read bou...

CVE-2021-47202 thermal: Fix NULL pointer dereferences in of_thermal_ functions

In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in ofthermal functions ofparsethermalzones parses the thermal-zones node and registers a thermalzone device for each subnode. However, if a thermal zone is consuming a thermal sensor and tha...

CVE-2024-26641 ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...

CVE-2023-52577 dccp: fix dccp_v4_err()/dccp_v6_err() again

In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccpv4err/dccpv6err again dh-dccphx is the 9th byte offset 8 in "struct dccphdr", not in the "byte 7" as Jann claimed. We need to make sure the ICMP messages are big enough, using more standard ways no more assumptions...