kernel: veth: ensure skb entering GRO are not cloned.

In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...

kernel: gso: do not skip outer ip header in case of ipip and net_failover

In the Linux kernel, the following vulnerability has been resolved: gso: do not skip outer ip header in case of ipip and netfailover We encounter a tcp drop issue in our cloud environment. Packet GROed in host forwards to a VM virtionet nic with netfailover enabled. VM acts as a IPVS LB with ipip...

kernel: gso: do not skip outer ip header in case of ipip and net_failover

In the Linux kernel, the following vulnerability has been resolved: gso: do not skip outer ip header in case of ipip and netfailover We encounter a tcp drop issue in our cloud environment. Packet GROed in host forwards to a VM virtionet nic with netfailover enabled. VM acts as a IPVS LB with ipip...

PT-2024-5864 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the Linux kernel's gso component, which fails to skip the outer IP header in certain cases, such as when using ipip and net failover. This can cause a TCP drop...

kernel: veth: ensure skb entering GRO are not cloned.

In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...

kernel: veth: ensure skb entering GRO are not cloned.

In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...

GSD-2022-1006586 net/sched: taprio: avoid disabling offload when it was never enabled

net/sched: taprio: avoid disabling offload when it was never enabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.146 by commit...

GSD-2022-1006560 net: enetc: deny offload of tc-based TSN features on VF interfaces

net: enetc: deny offload of tc-based TSN features on VF interfaces This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.71 by commit...

GSD-2022-1006559 net/sched: taprio: avoid disabling offload when it was never enabled

net/sched: taprio: avoid disabling offload when it was never enabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.71 by commit...

GSD-2022-1006520 net: enetc: deny offload of tc-based TSN features on VF interfaces

net: enetc: deny offload of tc-based TSN features on VF interfaces This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.12 by commit...

GSD-2022-1006519 net/sched: taprio: avoid disabling offload when it was never enabled

net/sched: taprio: avoid disabling offload when it was never enabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.12 by commit...

GSD-2022-1006476 net: enetc: deny offload of tc-based TSN features on VF interfaces

net: enetc: deny offload of tc-based TSN features on VF interfaces This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0 by commit...

GSD-2022-1006473 net/sched: taprio: avoid disabling offload when it was never enabled

net/sched: taprio: avoid disabling offload when it was never enabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0 by commit...

PT-2022-34775 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.12 Description: The issue is related to the taprio component in the Linux Kernel, where offload may not be properly disabled when it was never enabled. The actual impact and attack plausibility have not ye...

PT-2022-34815 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.71 Description: The issue is related to the taprio component in the net/sched module, where offload can be disabled even if it was never enabled. The actual impact and attack plausibility have not yet been...

PT-2022-34816 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.71 Description: The issue concerns the denial of offload of tc-based TSN features on VF interfaces. It was introduced in version v5.5 and fixed in version v5.15.71. The actual impact and attack plausibilit...

GSD-2022-1006404 netfilter: nf_tables: clean up hook list when offload flags check fails

netfilter: nftables: clean up hook list when offload flags check fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.143 by commit...

GSD-2022-1006379 netfilter: nf_tables: clean up hook list when offload flags check fails

netfilter: nftables: clean up hook list when offload flags check fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.68 by commit...

GSD-2022-1006341 netfilter: nf_tables: clean up hook list when offload flags check fails

netfilter: nftables: clean up hook list when offload flags check fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.9 by commit...

PT-2022-34636 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.68 Description: The issue is related to the netfilter nf tables, where the hook list is not properly cleaned up when offload flags check fails. This is an automated ID intended to aid in discovery of...