CVE-2022-49295 nbd: call genl_unregister_family() first in nbd_cleanup()

In the Linux kernel, the following vulnerability has been resolved: nbd: call genlunregisterfamily first in nbdcleanup Otherwise there may be race between module removal and the handling of netlink command, which can lead to the oops as shown below: BUG: kernel NULL pointer dereference, address:...

SUSE CVE-2023-52837

In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbdopen Commit 4af5f2e03013 "nbd: use blkmqallocdisk and blkcleanupdisk" cleans up disk by blkcleanupdisk and it won't set disk-privatedata as NULL as before. UAF may be triggered in nbdopen if someone tries to op...

CVE-2021-46981

In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flushworkqueue Open /dev/nbdX first, the configrefs will be 1 and the pointers in nbddevice are still null. Disconnect /dev/nbdX, then reference a null recvworkq. The protection by configrefs in...

USN-4414-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the network block device nbd implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service system crash. CVE-2019-16089 It was discovered that the btrfs file system...