202 matches found
CVE-2024-50259 netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()
In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsimnexthopbucketactivitywrite This was found by a static analyzer. We should not forget the trailing zero after copyfromuser if we will further do some string operations,...
CVE-2024-50259
In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsimnexthopbucketactivitywrite This was found by a static analyzer. We should not forget the trailing zero after copyfromuser if we will further do some string operations,...
CVE-2024-50259
CVE-2024-50259 affects the Linux kernel via the netdevsim component. The issue is caused by missing a trailing NUL after copy_from_user() in nsim_nexthop_bucket_activity_write(), which could affect string handling in that function. A fix adds the trailing zero to ensure proper operation. The CVE ...
CVE-2024-50259 netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()
In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsimnexthopbucketactivitywrite This was found by a static analyzer. We should not forget the trailing zero after copyfromuser if we will further do some string operations,...
SUSE CVE-2024-50155
In the Linux kernel, the following vulnerability has been resolved: netdevsim: use condresched in nsimdevtrapreportwork I am still seeing many syzbot reports hinting that syzbot might fool nsimdevtrapreportwork with hundreds of ports 1 Lets use condresched, and systemunboundwq instead of implicit...
DEBIAN-CVE-2024-50155
In the Linux kernel, the following vulnerability has been resolved: netdevsim: use condresched in nsimdevtrapreportwork I am still seeing many syzbot reports hinting that syzbot might fool nsimdevtrapreportwork with hundreds of ports 1 Lets use condresched, and systemunboundwq instead of implicit...
AZL-53594 CVE-2024-50155 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: netdevsim: use condresched in nsimdevtrapreportwork I am still seeing many syzbot reports hinting that syzbot might fool nsimdevtrapreportwork with hundreds of ports 1 Lets use condresched, and systemunboundwq instead of implicit...
CVE-2024-50155
In the Linux kernel, the following vulnerability has been resolved: netdevsim: use condresched in nsimdevtrapreportwork I am still seeing many syzbot reports hinting that syzbot might fool nsimdevtrapreportwork with hundreds of ports 1 Lets use condresched, and systemunboundwq instead of implicit...
CVE-2024-50155 netdevsim: use cond_resched() in nsim_dev_trap_report_work()
In the Linux kernel, the following vulnerability has been resolved: netdevsim: use condresched in nsimdevtrapreportwork I am still seeing many syzbot reports hinting that syzbot might fool nsimdevtrapreportwork with hundreds of ports 1 Lets use condresched, and systemunboundwq instead of implicit...
CVE-2024-50155
CVE-2024-50155 affects the Linux kernel’s netdevsim driver, specifically the nsim_dev_trap_report_work() path. The issue arises from not using conditional rescheduling in the work that handles trap reports, which can cause a task to be blocked for long periods (as seen in syzbot output). The conn...
CVE-2024-50155
In the Linux kernel, the following vulnerability has been resolved: netdevsim: use condresched in nsimdevtrapreportwork I am still seeing many syzbot reports hinting that syzbot might fool nsimdevtrapreportwork with hundreds of ports 1 Lets use condresched, and systemunboundwq instead of implicit...
CVE-2024-50155 netdevsim: use cond_resched() in nsim_dev_trap_report_work()
In the Linux kernel, the following vulnerability has been resolved: netdevsim: use condresched in nsimdevtrapreportwork I am still seeing many syzbot reports hinting that syzbot might fool nsimdevtrapreportwork with hundreds of ports 1 Lets use condresched, and systemunboundwq instead of implicit...
CVE-2024-50155 netdevsim: use cond_resched() in nsim_dev_trap_report_work()
In the Linux kernel, the following vulnerability has been resolved: netdevsim: use condresched in nsimdevtrapreportwork I am still seeing many syzbot reports hinting that syzbot might fool nsimdevtrapreportwork with hundreds of ports 1 Lets use condresched, and systemunboundwq instead of implicit...
Unbreakable Enterprise kernel security update
5.15.0-301.163.5.2 - mm: avoid leaving partial pfn mappings around in error case Linus Torvalds Orabug: 37174198 CVE-2024-47674 - Revert 'Documentation/admin-guide/acpi: Move information out of shell script comments' Dave Kleikamp Orabug: 37144820 - Revert 'irqchip/gic-v3: Move partitioncreatedes...
ROS-20241015-13
A vulnerability in the libceph component of the Linux kernel is related to incorrect input validation of the in the getreply and prepnextsparseread functions in net/ceph/osdclient.c, in the decrypttail and preparereadtailplain in net/ceph/messengerv2.c, in sizeoffooter, readpartialsparsemsgdata,...
CVE-2024-44989 bonding: fix xfrm real_dev null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm realdev null pointer dereference We shouldn't set realdev to NULL because packets can be in transit and xfrm might call xdodevoffloadok in parallel. All callbacks assume realdev is set. Example trace: kernel: BU...
CVE-2021-47371
In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix memory leaks in nexthop notification chain listeners syzkaller discovered memory leaks 1 that can be reduced to the following commands: ip nexthop add id 1 blackhole devlink dev reload pci/0000:06:00.0 As part of the...
UBUNTU-CVE-2021-47371
In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix memory leaks in nexthop notification chain listeners syzkaller discovered memory leaks 1 that can be reduced to the following commands: ip nexthop add id 1 blackhole devlink dev reload pci/0000:06:00.0 As part of the...
CVE-2021-47371 nexthop: Fix memory leaks in nexthop notification chain listeners
In the Linux kernel, the following vulnerability has been resolved: nexthop: Fix memory leaks in nexthop notification chain listeners syzkaller discovered memory leaks 1 that can be reduced to the following commands: ip nexthop add id 1 blackhole devlink dev reload pci/0000:06:00.0 As part of the...
SUSE CVE-2024-26681
In the Linux kernel, the following vulnerability has been resolved: netdevsim: avoid potential loop in nsimdevtrapreportwork Many syzbot reports include the following trace 1 If nsimdevtrapreportwork can not grab the mutex, it should rearm itself at least one jiffie later. 1 Sending NMI from CPU ...