
5 matches found

OSV
added 2024/11/09 10:15 a.m., 6 views

CVE-2024-50260 sock_map: fix a NULL pointer dereference in sock_map_link_update_prog()

In the Linux kernel, the following vulnerability has been resolved: sock_map: fix a NULL pointer dereference in sock_map_link_update_prog(). The following race condition could trigger a NULL pointer dereference: sock_map_link_detach(): sock_map_link_update_prog(): mutex_lock(&sockmap_mutex); ... sockmap_link->map = NULL;...

CVSS 4.7 | AI score 6 | EPSS 0.00051
Exploits: 0 | References: 5
OSV
added 2024/05/21 3:15 p.m., 12 views

CVE-2021-47349

In the Linux kernel, the following vulnerability has been resolved: mwifiex: bring down link before deleting interface. We can deadlock when rmmod'ing the driver or going through firmware reset, because the cfg80211_unregister_wdev() has to bring down the link for us, ... which then grab the same wiph...

CVSS 5.5 | AI score 5.7 | EPSS 0.00021
Exploits: 0 | References: 3
UbuntuCve
added 2024/03/18 11:15 a.m., 19 views

CVE-2024-26631

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work. idev->mc_ifc_count can be written over without proper locking. Originally found by syzbot [1], fix this issue by encapsulating calls to mld_ifc_stop_work() and mld_gq_stop_work() for good...

CVSS 4.7 | AI score 6.1 | EPSS 0.00008
Exploits: 0 | References: 17
Vulnrichment
added 2024/03/18 10:07 a.m., 17 views

CVE-2024-26631 ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work. idev->mc_ifc_count can be written over without proper locking. Originally found by syzbot [1], fix this issue by encapsulating calls to mld_ifc_stop_work() and mld_gq_stop_work() for good...

AI score 6.7 | EPSS 0.00008
Exploits: 0 | References: 5
seebug.org
added 2016/05/20 12:00 a.m., 166 views

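Linux Kernel Keyrings Reference Count Overflow UAF Vulnerability

Vulnerability analysis: This Linux kernel vulnerability has two impacts. The first is an information leak that can bypass ASLR; the other is a UAF that leads to code execution. It relies on two flaws in the keyring mechanism: one is insufficiently strict control over keyring operations, the other is insufficiently strict control over the keyring count variable. The conditions for exploiting the code execution are relatively demanding. The vulnerability is analyzed in detail below. Keyring information leak: Keyrings relate to security keys. A process can request a new keyring of its own, and can also replace an old keyring by requesting a new one, which calls the join_session_keyring function. long join_session_keyring(const cha...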

CVSS 7.2 | AI score 6.9 | EPSS 0.54652
Exploits: 14