4 matches found
CVE-2025-71096
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LSNLATYPEDGID correctly The netlink response for RDMANLLSOPIPRESOLVE should always have a LSNLATYPEDGID attribute, it is invalid if it does not. Use the nl parsing logic properly and call...
CVE-2023-53456
In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxxsetchapentry - qla4xxxifacesetparam - qla4xxxsysfsddbsetparam and each of them directly converts the nlattr to...
CVE-2023-53456
During CVE-2023-53456, the Linux kernel scsi/qla4xxx nlattrs parsing lacked length validation in three code paths: qla4xxx_set_chap_entry(), qla4xxx_iface_set_param(), and qla4xxx_sysfs_ddb_set_param(). This could allow out-of-bounds reads and leak heap data. The fix adds a nla_len check and retu...
Kernel: filter: prevent nla extensions to peek beyond the end of the message
The 1 BPFSANCNLATTR and 2 BPFSANCNLATTRNEST extension implementations in the skrunfilter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service integer underflow and...