CLSA-2024-1725187614 kernel: Fix of 11 CVEs

drm/vmwgfx: Fix invalid reads in fence signaled events CVE-2024-36960 - afunix: Fix garbage collector racing against connect CVE-2024-26923 - ipv6: remove maxsize check inline with ipv4 CVE-2023-52340 - aoe: fix the potential use-after-free problem in aoecmdcfgpkts CVE-2023-6270 - smb: client:...

CVE-2021-4442

In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity tests to TCPQUEUESEQ Qingyu Li reported a syzkaller bug where the repro changes RCV SEQ after restoring data in the receive queue. mprotect0x4aa000, 12288, PROTREAD = 0 mmap0x1ffff000, 4096, PROTNONE,...

CVE-2021-4442

In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity tests to TCPQUEUESEQ Qingyu Li reported a syzkaller bug where the repro changes RCV SEQ after restoring data in the receive queue. mprotect0x4aa000, 12288, PROTREAD = 0 mmap0x1ffff000, 4096, PROTNONE,...

CVE-2021-4442 tcp: add sanity tests to TCP_QUEUE_SEQ

In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity tests to TCPQUEUESEQ Qingyu Li reported a syzkaller bug where the repro changes RCV SEQ after restoring data in the receive queue. mprotect0x4aa000, 12288, PROTREAD = 0 mmap0x1ffff000, 4096, PROTNONE,...

CVE-2021-4442

CVE-2021-4442 – The Linux kernel TCP stack vulnerability described as: a syzkaller repro could cause RCV_SEQ to be advanced after data restoration in the receive queue, enabling an out-of-order or invalid sequence handling when TCP_QUEUE_SEQ is used on non-empty queues. The connected documents (A...

SUSE CVE-2023-52902

In the Linux kernel, the following vulnerability has been resolved: nommu: fix memory leak in dommap error path The preallocation of the maple tree nodes may leak if the error path to "errorjustfree" is taken. Fix this by moving the freeing of the maple tree nodes to a shared location for all err...

DEBIAN-CVE-2023-52902

In the Linux kernel, the following vulnerability has been resolved: nommu: fix memory leak in dommap error path The preallocation of the maple tree nodes may leak if the error path to "errorjustfree" is taken. Fix this by moving the freeing of the maple tree nodes to a shared location for all err...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a memory leak in the wrong path of dommap in the nommu component...

The vulnerability of the get_user_pages_unlocked() function in the nitro_enclaves component of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the getuserpagesunlocked function in the nitroenclaves component of the Linux operating system’s kernel is related to the use of this function to handle the mmap assertion. Exploiting this vulnerability could allow a attacker to trigger a service failure...

CVE-2024-42317

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supported page cache size is defined as MAXPAGECACHEORDER by commit 099d90642a71 "mm/filemap: make MAXPAGECACHEORD...

CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supported page cache size is defined as MAXPAGECACHEORDER by commit 099d90642a71 "mm/filemap: make MAXPAGECACHEORD...

kernel: userfaultfd: fix a race between writeprotect and exit_mmap()

A possible race condition flaw was found in the Linux kernel. When a process exits, its virtual memory areas VMAs are removed by exitmmap, and at the same time, userfaultfdwriteprotect is called...

CVE-2024-42243 mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray

In the Linux kernel, the following vulnerability has been resolved: mm/filemap: make MAXPAGECACHEORDER acceptable to xarray Patch series "mm/filemap: Limit page cache size to that supported by xarray", v2. Currently, xarray can't support arbitrary page cache size. More details can be found from t...

SUSE CVE-2024-42075

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. Add a refcnt for multiple mmap events to prevent use-after-free in arenavmclose...

DEBIAN-CVE-2024-42075

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. Add a refcnt for multiple mmap events to prevent use-after-free in arenavmclose...

DEBIAN-CVE-2024-41083

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix netfspagemkwrite to check folio-mapping is valid Fix netfspagemkwrite to check that folio-mapping is valid once it has taken the folio lock as filemappagemkwrite does. Without this, generic/247 occasionally oopses with...

UBUNTU-CVE-2024-41083

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix netfspagemkwrite to check folio-mapping is valid Fix netfspagemkwrite to check that folio-mapping is valid once it has taken the folio lock as filemappagemkwrite does. Without this, generic/247 occasionally oopses with...

CVE-2024-42075 bpf: Fix remap of arena.

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. Add a refcnt for multiple mmap events to prevent use-after-free in arenavmclose...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a mremap operation not being accounted for in the bpf arena logic, which requires reference counts to be add...

SUSE CVE-2022-48839

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packetrecvmsg syzbot found that when an AFPACKET socket is using PACKETCOPYTHRESH and mmap operations, tpacketrcv is queueing skbs with garbage in skb-cb, triggering a too big copy 1...