12 matches found
CVE-2024-46858 mptcp: pm: Fix uaf in __timer_delete_sync
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in timerdeletesync There are two paths to access mptcppmdeladdtimer, result in a race condition: CPU1 CPU2 ==== ==== netrxaction napipoll netlinksendmsg napipoll netlinkunicast processbacklog netlinkunicastkern...
CVE-2024-46858 mptcp: pm: Fix uaf in __timer_delete_sync
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in timerdeletesync There are two paths to access mptcppmdeladdtimer, result in a race condition: CPU1 CPU2 ==== ==== netrxaction napipoll netlinksendmsg napipoll netlinkunicast processbacklog netlinkunicastkern...
CVE-2024-26861 wireguard: receive: annotate data-race around receiving_counter.counter
In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receivingcounter.counter Syzkaller with KCSAN identified a data-race issue when accessing keypair-receivingcounter.counter. Use READONCE and WRITEONCE annotations to mark the data rac...
CVE-2023-52626
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix operation precedence bug in port timestamping napipoll context Indirection is of lower precedence than postfix increment ++. Logic in napipoll context would cause an out-of-bound read by first increment the pointer...
CVE-2023-52626
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix operation precedence bug in port timestamping napipoll context Indirection is of lower precedence than postfix increment ++. Logic in napipoll context would cause an out-of-bound read by first increment the pointer...
CVE-2023-52626 net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix operation precedence bug in port timestamping napipoll context Indirection is of lower precedence than postfix increment ++. Logic in napipoll context would cause an out-of-bound read by first increment the pointer...
CVE-2023-52626 net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix operation precedence bug in port timestamping napipoll context Indirection is of lower precedence than postfix increment ++. Logic in napipoll context would cause an out-of-bound read by first increment the pointer...
CVE-2023-52626
CVE-2023-52626 (Linux kernel) affects net/mlx5e: fix an operation precedence bug in port timestamping napi_poll context, where indirection (*) has lower precedence than postfix ++, causing an out-of-bounds read after increment. The fix dereferences before increment, preventing the read. CVSS 3.1 ...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a security vulnerability that stems from logic in napipoll that will first increment a pointer address by the byte address space and then...
CVE-2021-47127
In the Linux kernel, the following vulnerability has been resolved: ice: track AFXDP ZC enabled queues in bitmap Commit c7a219048e45 "ice: Remove xskbuffpool from VSI structure" silently introduced a regression and broke the Tx side of AFXDP in copy mode. xskpool on icering is set only based on t...
CVE-2021-47127
In the Linux kernel, the following vulnerability has been resolved: ice: track AFXDP ZC enabled queues in bitmap Commit c7a219048e45 "ice: Remove xskbuffpool from VSI structure" silently introduced a regression and broke the Tx side of AFXDP in copy mode. xskpool on icering is set only based on t...
CVE-2021-47028
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix txrate reporting Properly check rateinfo to fix unexpected reporting. 1215.161863 Call trace: 1215.164307 cfg80211calculatebitrate+0x124/0x200 cfg80211 1215.170139 ieee80211supdatemetric+0x80/0xc0 mac80211...