9 matches found
CVE-2024-46858 mptcp: pm: Fix uaf in __timer_delete_sync
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync. There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action napi_poll netlink_sendmsg __napi_poll netlink_unicast process_backlog netlink_unicast_kern...
CVE-2024-40957 seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors
In the Linux kernel, the following vulnerability has been resolved: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors. input_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for PREROUTING hook, in PREROUTING hook, we should pass a valid indev, and a NULL outde...
CVE-2024-26641 ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv(). syzbot found __ip6_tnl_rcv() could access uninitialized data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change skb->head. [1] BUG: KMSA...
CVE-2023-52577 dccp: fix dccp_v4_err()/dccp_v6_err() again
In the Linux kernel, the following vulnerability has been resolved: dccp: fix dccp_v4_err()/dccp_v6_err() again. dh->dccph_x is the 9th byte (offset 8) in "struct dccp_hdr", not in the "byte 7" as Jann claimed. We need to make sure the ICMP messages are big enough, using more standard ways no more assumptions...
Linux Kernel 2.6.19 (Debian 4) - udp_sendmsg Local Privilege Escalation (3)
Linux Kernel 2.6.19 (Debian 4) - udp_sendmsg Local Privilege Escalation (3) / hoagie_udp_sendmsg.c LOCAL LINUX KERNEL ROOT EXPLOIT include include include include include include include include /* this code will be called from NF_HOOK via output callback in kernel mode */ void set_current_task_uids_gids_to_zero...