CVE-2022-50780

CVE-2022-50780 is a Linux kernel vulnerability described across multiple sources as a use-after-free (UAF) in nfqnl_nf_hook_drop(), triggered when ops_init() fails during net namespace setup. The root cause, as documented, is that data allocated during setup_net() is freed when ops->init() fai...

kernel: net/sched: Always pass notifications when child class becomes empty

A use-after-free UAF vulnerability was found in the Linux kernel's net/sched subsystem, specifically in the Credit-Based Shaper CBS qdisc implementation schcbs. The vulnerability occurs because the CBS qdisc's reset function qdiscresetqueue only resets its internal queue but fails to reset its...

CVE-2024-53164

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch-q.qlen around qdisctreereducebacklog need to happen before a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become...

CVE-2021-47595

In the Linux kernel, the following vulnerability has been resolved: net/sched: schets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1 tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2 mauseza...

CVE-2024-36979 net: bridge: mst: fix vlan use-after-free

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage1 in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path br forward delay...

CVE-2023-52782

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Track xmit submission to PTP WQ after populating metadata map Ensure the skb is available in metadata mapping to skbs before tracking the metadata index for detecting undelivered CQEs. If the metadata index is put in t...

CVE-2024-35841

CVE-2024-35841 describes a Linux kernel vulnerability in the TLS path (net: tls) related to splice handling with MSG_SPLICE_PAGES. The issue occurs when moving user pages from msg to msg_pl; if more pages are added than MAX_MSG_FRAGS and the MORE flag is used, the code can attempt to re-fill a fu...

CVE-2023-52610

In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: fix skb leak and crash on ooo frags actct adds skb-users before defragmentation. If frags arrive in order, the last frag's reference is reset in: inetfragreasmprepare skbmorph which is not straightforward. Howev...

CVE-2023-4208

A use-after-free vulnerability in the Linux kernel's net/sched: clsu32 component can be exploited to achieve local privilege escalation. When u32change is called on an existing filter, the whole tcfresult struct is always copied into the new instance of the filter. This causes a problem when...