873 matches found
kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: honor table dormant flag from netdev release event path The Linux kernel CVE team has assigned CVE-2024-36005 to this issue. Upstream advisory:...
CVE-2024-46771
CVE-2024-46771 (Linux kernel, can: bcm): A proc entry is created per BCM socket on connect and is leaked when the bound netdev is unregistered, due to bcm_notify/bcm_proc_read handling. Reproducer uses connect to vxcan1, unregisters dev, and a second connect attempts to allocate a proc entry with...
CVE-2024-46771 can: bcm: Remove proc entry when dev is unregistered.
In the Linux kernel, the following vulnerability has been resolved: can: bcm: Remove proc entry when dev is unregistered. syzkaller reported a warning in bcmconnect below. 0 The repro calls connect to vxcan1, removes vxcan1, and calls connect with ifindex == 0. Calling connect for a BCM socket...
OESA-2024-2142 wpa_supplicant security update
wpasupplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 IEEE 802.11i / RSN. It is suitable for both desktop/laptop computers and embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key...
kernel: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()
A vulnerability was found in the Linux kernel in the ntbnetdevrxhandler function which calls the function netifrx, which can only be called from interrupt context, in a preemptible context. This vulnerability can lead to potential race conditions and system instability...
CVE-2024-43887
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period The lifetime of TCP-AO statickey is the same as the last tcpaoinfo. On the socket destruction tcpaoinfo ceases to be with RCU grace period, while tcp-ao static branch is...
CVE-2024-43887 net/tcp: Disable TCP-AO static key after RCU grace period
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period The lifetime of TCP-AO statickey is the same as the last tcpaoinfo. On the socket destruction tcpaoinfo ceases to be with RCU grace period, while tcp-ao static branch is...
CVE-2024-43887
The CVE-2024-43887 entry relates to the Linux kernel (net/tcp) TCP-AO static key handling. The vulnerability arises because the lifetime of the TCP-AO static_key is tied to the last tcp_ao_info, and, if an RCU grace period is delayed, a CPU may observe a tcp_ao_info that is about to be deallocate...
CVE-2024-43887
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period The lifetime of TCP-AO statickey is the same as the last tcpaoinfo. On the socket destruction tcpaoinfo ceases to be with RCU grace period, while tcp-ao static branch is...
CVE-2024-43887 net/tcp: Disable TCP-AO static key after RCU grace period
In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period The lifetime of TCP-AO statickey is the same as the last tcpaoinfo. On the socket destruction tcpaoinfo ceases to be with RCU grace period, while tcp-ao static branch is...
DEBIAN-CVE-2022-48914
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before realnumtxqueues is zeroed xennetdestroyqueues relies on info-netdev-realnumtxqueues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 "net-sysfs: update the queue counts in the...
UBUNTU-CVE-2022-48914
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before realnumtxqueues is zeroed xennetdestroyqueues relies on info-netdev-realnumtxqueues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 "net-sysfs: update the queue counts in the...
SUSE CVE-2024-42282
In the Linux kernel, the following vulnerability has been resolved: net: mediatek: Fix potential NULL pointer dereference in dummy netdevice handling Move the freeing of the dummy netdevice from mtkfreedev to mtkremove. Previously, if allocnetdevdummy failed in mtkprobe, eth-dummydev would be NUL...
CVE-2024-43817
The CVE CVE-2024-43817 describes a Linux kernel vulnerability in the virtio_net path: two missing checks in virtio_net_hdr_to_skb() can trigger a crash. The issues arise when after skb_segment the buffer remains non-linear (nr_frags != 0) and SKBTX_SHARED_FRAG is not set, preventing __skb_lineari...
PT-2024-29833 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential NULL pointer dereference in dummy net device handling has been resolved. The issue occurred when alloc netdev dummy failed in mtk probe, causing eth-dummy dev to be NULL. T...
kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: honor table dormant flag from netdev release event path The Linux kernel CVE team has assigned CVE-2024-36005 to this issue. Upstream advisory:...
kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: honor table dormant flag from netdev release event path The Linux kernel CVE team has assigned CVE-2024-36005 to this issue. Upstream advisory:...
kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: honor table dormant flag from netdev release event path The Linux kernel CVE team has assigned CVE-2024-36005 to this issue. Upstream advisory:...
kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: honor table dormant flag from netdev release event path The Linux kernel CVE team has assigned CVE-2024-36005 to this issue. Upstream advisory:...
SUSE CVE-2024-5290
An issue was discovered in Ubuntu wpasupplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpasupplicant runs as usually root. Membership in the netdev group or access to the dbus interface of...