Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fou: Fix null-ptr-deref in GRO. CVE-2024-46763 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

kernel: net/sched: flower: Fix chain template offload

In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload The Linux kernel CVE team has assigned CVE-2024-26669 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024040237-CVE-2024-26669-ca3c@gregkh/T...

kernel: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband

A vulnerability was found in the Linux kernel's rtw89 driver function rtw89scanget6gdisabledchan caused by its handling of 6 GHz band channels during scans. A lack of proper sband checks can lead to a situation where the sband is not available due to device limitations/restrictions set by the BIO...

kernel: nouveau: offload fence uevents work to workqueue

In the Linux kernel, the following vulnerability has been resolved: nouveau: offload fence uevents work to workqueue This should break the deadlock between the fctx lock and the irq lock. This offloads the processing off the work from the irq into a workqueue...

kernel: net: veth: clear GRO when clearing XDP even when down

In the Linux kernel, the following vulnerability has been resolved: net: veth: clear GRO when clearing XDP even when down The Linux kernel CVE team has assigned CVE-2024-26803 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024040404-CVE-2024-26803-9985@gregkh/T...

gso: fix udp gso fraglist segmentation after pull from frag_list

...

SUSE CVE-2024-50261

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadatadst, which is used to store the SCI value for macsec offload, is already freed by metadatadstfree in macsecfreenetdev,...

DEBIAN-CVE-2024-50261

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadatadst, which is used to store the SCI value for macsec offload, is already freed by metadatadstfree in macsecfreenetdev,...

UBUNTU-CVE-2024-50261

In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadatadst, which is used to store the SCI value for macsec offload, is already freed by metadatadstfree in macsecfreenetdev,...

CVE-2024-10589

The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the importsettings function in all versions up to, and including, 3.1.1. This makes it possible for authenticate...

CVE-2024-10589 Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the importsettings function in all versions up to, and including, 3.1.1. This makes it possible for authenticate...

PT-2024-16387 · WordPress · Leopard - Wordpress Offload Media

Name of the Vulnerable Software and Affected Versions: Leopard - WordPress Offload Media plugin versions up to, and including, 3.1.1 Description: The issue allows unauthorized modification of data, leading to privilege escalation due to a missing capability check on the import settings function...

kernel: netfilter: flowtable: initialise extack before use

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload...

kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok

In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bondipsecoffloadok We must check if there is an active slave before dereferencing the pointer...

kernel: bonding: fix xfrm real_dev null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm realdev null pointer dereference We shouldn't set realdev to NULL because packets can be in transit and xfrm might call xdodevoffloadok in parallel. All callbacks assume realdev is set. Example trace: kernel: BU...

kernel: netfilter: flowtable: initialise extack before use

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload...

kernel: gso: do not skip outer ip header in case of ipip and net_failover

In the Linux kernel, the following vulnerability has been resolved: gso: do not skip outer ip header in case of ipip and netfailover We encounter a tcp drop issue in our cloud environment. Packet GROed in host forwards to a VM virtionet nic with netfailover enabled. VM acts as a IPVS LB with ipip...

kernel: netfilter: flowtable: initialise extack before use

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload...

SUSE CVE-2022-48976

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtableoffload: fix using thiscpuadd in preemptible flowoffloadqueuework can be called in workqueue without bh disabled, like the call trace showed in my actct testing, calling NFFLOWTABLESTATINC there would cause a...

CVE-2022-48976

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtableoffload: fix using thiscpuadd in preemptible flowoffloadqueuework can be called in workqueue without bh disabled, like the call trace showed in my actct testing, calling NFFLOWTABLESTATINC there would cause a...