3095 matches found
ksmbd: fix potencial out-of-bounds when buffer offset is invalid
...
SUSE CVE-2021-47243
In the Linux kernel, the following vulnerability has been resolved: sch_cake: Fix out of bounds when parsing TCP options and header The TCP option parser in cake qdisc (cake_get_tcpopt and cake_tcph_may_drop) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop,...
SUSE CVE-2023-52769
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix htt mlo-offset event locking The ath12k active pdevs are protected by RCU but the htt mlo-offset event handling code calling ath12k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code i...
kernel: smb: client: fix potential OOBs in smb2_parse_contexts()
A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2_parse_contexts() function. Validate offsets and lengths before dereferencing create contexts in smb2_parse_contexts()...
xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in the RRChangeOutputProperty function in randr/rrproperty.c, allowing f...
DEBIAN-CVE-2023-52769
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix htt mlo-offset event locking The ath12k active pdevs are protected by RCU but the htt mlo-offset event handling code calling ath12k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code i...
DEBIAN-CVE-2023-52755
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab out of bounds write in smb_inherit_dacl() A slab out-of-bounds write is caused by offsets that are bigger than the pntsd allocation size. This patch adds the check to validate 3 offsets using the allocation size...
AZL-47639 CVE-2023-52755 affecting package kernel for versions less than 6.6.3.1-1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab out of bounds write in smb_inherit_dacl() A slab out-of-bounds write is caused by offsets that are bigger than the pntsd allocation size. This patch adds the check to validate 3 offsets using the allocation size...
UBUNTU-CVE-2023-52769
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix htt mlo-offset event locking The ath12k active pdevs are protected by RCU but the htt mlo-offset event handling code calling ath12k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code i...
CVE-2023-52769 wifi: ath12k: fix htt mlo-offset event locking
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix htt mlo-offset event locking The ath12k active pdevs are protected by RCU but the htt mlo-offset event handling code calling ath12k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark the code i...
CVE-2023-52769
CVE-2023-52769 concerns the Linux kernel wireless driver ath12k. The issue arises in the htt_mlo_offset event handling path, where the code calling ath12k_mac_get_ar_by_pdev_id() was not protected by an RCU read-side critical section, potentially enabling use-after-free in active pdev contexts. T...
SUSE CVE-2024-35787
In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix incorrect usage for sb_index Commit d7038f951828 ("md-bitmap: don't use ->index for pages backing the bitmap file") removed page->index from bitmap code, but left wrong code logic for clustered-md. Current code never...
SUSE CVE-2024-35903
In the Linux kernel, the following vulnerability has been resolved: x86/bpf: Fix IP after emitting call depth accounting Adjust the IP passed to emit_patch() so it calculates the correct offset for the CALL instruction if x86_call_depth_emit_accounting() emits code. Otherwise we will skip some instruction...
SUSE CVE-2024-35962
In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls. In all functions, we can perform the @optlen...
CVE-2024-35936 btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() The unhandled case in btrfs_relocate_sys_chunks() loop is a corruption, as it could be caused only by two impossible conditions: - at first the search key is set up to lo...
CVE-2024-35917
In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpf_plt pointer arithmetic Kui-Feng Lee reported a crash on s390x triggered by the dummy_st_ops/dummy_init_ptr_arg test [1]: 0x2 bpf_struct_ops_test_run+0x156/0x250 __sys_bpf+0xa1a/0xd00 __s390x_sys_bpf+0x44/0x50 __do_syscall+0x244/0x300...
DEBIAN-CVE-2024-35903
In the Linux kernel, the following vulnerability has been resolved: x86/bpf: Fix IP after emitting call depth accounting Adjust the IP passed to emit_patch() so it calculates the correct offset for the CALL instruction if x86_call_depth_emit_accounting() emits code. Otherwise we will skip some instruction...