117 matches found
CVE-2024-43911
CVE-2024-43911—Linux kernel wifi/mac80211 NULL pointer dereference fix . The vulnerability occurs in the MLD path during band/tx BA session initialization where link_data/link_conf may not point to vif->bss_conf, risking a NULL chan and a kernel crash. The fix adds explicit checks on ht_suppor...
CVE-2024-43911 wifi: mac80211: fix NULL dereference at band check in starting tx ba session
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, linkdata/linkconf are dynamically allocated. They don't point to vif-bssconf. So, there will be no chanreq assigned to vif-bssconf an...
CVE-2024-43911
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, linkdata/linkconf are dynamically allocated. They don't point to vif-bssconf. So, there will be no chanreq assigned to vif-bssconf an...
CVE-2024-43911 wifi: mac80211: fix NULL dereference at band check in starting tx ba session
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, linkdata/linkconf are dynamically allocated. They don't point to vif-bssconf. So, there will be no chanreq assigned to vif-bssconf an...
CVE-2024-43911 wifi: mac80211: fix NULL dereference at band check in starting tx ba session
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, linkdata/linkconf are dynamically allocated. They don't point to vif-bssconf. So, there will be no chanreq assigned to vif-bssconf an...
CVE-2024-33025
Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE...
CVE-2024-33025 Buffer Over-read in WLAN Host
Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE...
CVE-2024-33025 Buffer Over-read in WLAN Host
Transient DOS while parsing the BSS parameter change count or MLD capabilities fields of the ML IE...
CVE-2024-33025
CVE-2024-33025 is a Transient Denial of Service in the WLAN Host path affecting Qualcomm WLAN components, triggered while parsing the BSS parameter change count or MLD capabilities fields within the ML Information Element. The NVD entry notes a Network attack vector with CVSS v3.1 base score 7.5 ...
PT-2024-25070 · Qualcomm · Snapdragon +159
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a Transient Denial of Service DOS that occurs while parsing the BSS parameter change count or MLD capabilities fields of the ML...
CVE-2022-48785 ipv6: mcast: use rcu-safe version of ipv6_get_lladdr()
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: use rcu-safe version of ipv6getlladdr Some time ago 8965779d2c0e "ipv6,mcast: always hold idev-lock before mcalock" switched ipv6getlladdr to ipv6getlladdr, which is rcu-unsafe version. That was OK, because idev-lock...
CVE-2024-35838
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential sta-link leak When a station is allocated, links are added but not set to valid yet e.g. during connection to an AP MLD, we might remove the station without ever marking links valid, and leak them. F...
CVE-2024-26837
In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, generation of the list of MDB events to replay would race against the creation of new group memberships, either from the IGMP/MLD snooping...
CVE-2024-26837 net: bridge: switchdev: Skip MDB replays of deferred events on offload
In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, generation of the list of MDB events to replay would race against the creation of new group memberships, either from the IGMP/MLD snooping...
SUSE CVE-2021-47146
In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mldnewpack mldnewpack doesn't allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skbput. Test commands: ip netns del A ip netns de...
CVE-2021-47146
In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mldnewpack mldnewpack doesn't allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skbput. Test commands: ip netns del A ip netns de...
DEBIAN-CVE-2021-47146
In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mldnewpack mldnewpack doesn't allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skbput. Test commands: ip netns del A ip netns de...
CVE-2021-47146 mld: fix panic in mld_newpack()
In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mldnewpack mldnewpack doesn't allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skbput. Test commands: ip netns del A ip netns de...
SUSE CVE-2024-26631
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6mcdown / mldifcwork idev-mcifccount can be written over without proper locking. Originally found by syzbot 1, fix this issue by encapsulating calls to mldifcstopwork and mldgqstopwork for good...
DEBIAN-CVE-2024-26631
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6mcdown / mldifcwork idev-mcifccount can be written over without proper locking. Originally found by syzbot 1, fix this issue by encapsulating calls to mldifcstopwork and mldgqstopwork for good...