5 matches found
CVE-2021-4442
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity tests to TCPQUEUESEQ Qingyu Li reported a syzkaller bug where the repro changes RCV SEQ after restoring data in the receive queue. mprotect0x4aa000, 12288, PROTREAD = 0 mmap0x1ffff000, 4096, PROTNONE,...
CVE-2021-4442 tcp: add sanity tests to TCP_QUEUE_SEQ
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity tests to TCPQUEUESEQ Qingyu Li reported a syzkaller bug where the repro changes RCV SEQ after restoring data in the receive queue. mprotect0x4aa000, 12288, PROTREAD = 0 mmap0x1ffff000, 4096, PROTNONE,...
CVE-2021-4442
CVE-2021-4442 – The Linux kernel TCP stack vulnerability described as: a syzkaller repro could cause RCV_SEQ to be advanced after data restoration in the receive queue, enabling an out-of-order or invalid sequence handling when TCP_QUEUE_SEQ is used on non-empty queues. The connected documents (A...
Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic (Denial of Service) (2)
/ TCPMAXSEG Kernel Panic DoS for Linux include include include include include int main struct sockaddrin laddr; memset&laddr, 0, sizeofladdr; laddr.sinfamily = AFINET; laddr.sinaddr.saddr = inetaddr"127.0.0.1"; laddr.sinport = htons31337; int listener = socketPFINET, SOCKSTREAM, IPPROTOTCP; if...
CVE-2010-4165
CVE-2010-4165 affects the Linux kernel prior to 2.6.37-rc2. The do_tcp_setsockopt function does not properly constrain TCP_MAXSEG (MSS) values, allowing a local user to trigger a denial of service via a setsockopt with a small value, leading to a divide-by-zero or signed-integer misuse. Evidence ...