18 matches found
OESA-2024-2590 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: afunix: Update unixsksk-oobskb under skreceivequeue lock. Billy Jheng Bing-Jhong reported a race between unixgc and queueoob. unixgc tries to garbage-collect...
DEBIAN-CVE-2024-47711
In the Linux kernel, the following vulnerability has been resolved: afunix: Don't return OOB skb in manageoob. syzbot reported use-after-free in unixstreamrecvurg. 0 The scenario is 1. sendMSGOOB 2. recvMSGOOB - The consumed OOB remains in recv queue 3. sendMSGOOB 4. recv - manageoob returns the...
UBUNTU-CVE-2024-47711
In the Linux kernel, the following vulnerability has been resolved: afunix: Don't return OOB skb in manageoob. syzbot reported use-after-free in unixstreamrecvurg. 0 The scenario is 1. sendMSGOOB 2. recvMSGOOB - The consumed OOB remains in recv queue 3. sendMSGOOB 4. recv - manageoob returns the...
CVE-2024-47711 af_unix: Don't return OOB skb in manage_oob().
In the Linux kernel, the following vulnerability has been resolved: afunix: Don't return OOB skb in manageoob. syzbot reported use-after-free in unixstreamrecvurg. 0 The scenario is 1. sendMSGOOB 2. recvMSGOOB - The consumed OOB remains in recv queue 3. sendMSGOOB 4. recv - manageoob returns the...
CVE-2024-47711
In the Linux kernel, the following vulnerability has been resolved: afunix: Don't return OOB skb in manageoob. syzbot reported use-after-free in unixstreamrecvurg. 0 The scenario is 1. sendMSGOOB 2. recvMSGOOB - The consumed OOB remains in recv queue 3. sendMSGOOB 4. recv - manageoob returns the...
SUSE CVE-2024-36972
In the Linux kernel, the following vulnerability has been resolved: afunix: Update unixsksk-oobskb under skreceivequeue lock. Billy Jheng Bing-Jhong reported a race between unixgc and queueoob. unixgc tries to garbage-collect closed inflight sockets, and then if the socket has MSGOOB in...
AZL-48759 CVE-2024-36972 affecting package kernel for versions less than 6.6.64.2-9
In the Linux kernel, the following vulnerability has been resolved: afunix: Update unixsksk-oobskb under skreceivequeue lock. Billy Jheng Bing-Jhong reported a race between unixgc and queueoob. unixgc tries to garbage-collect closed inflight sockets, and then if the socket has MSGOOB in...
CVE-2024-35970
A vulnerability was found in the Linux kernel's Unix domain socket afunix implementation, where stale Out-of-Band OOB data is not cleared from the receive queue. This issue arises when OOB data is dequeued but the associated oobskb is not cleared, leading to incorrect behavior in subsequent recv...
DEBIAN-CVE-2024-35970
In the Linux kernel, the following vulnerability has been resolved: afunix: Clear stale u-oobskb. syzkaller started to report deadlock of unixgclock after commit 4090fa373f0e "afunix: Replace garbage collection algorithm.", but it just uncovers the bug that has been there since commit 314001f0bf9...
CVE-2024-35970 af_unix: Clear stale u->oob_skb.
In the Linux kernel, the following vulnerability has been resolved: afunix: Clear stale u-oobskb. syzkaller started to report deadlock of unixgclock after commit 4090fa373f0e "afunix: Replace garbage collection algorithm.", but it just uncovers the bug that has been there since commit 314001f0bf9...
CVE-2024-35970 af_unix: Clear stale u->oob_skb.
In the Linux kernel, the following vulnerability has been resolved: afunix: Clear stale u-oobskb. syzkaller started to report deadlock of unixgclock after commit 4090fa373f0e "afunix: Replace garbage collection algorithm.", but it just uncovers the bug that has been there since commit 314001f0bf9...
SUSE CVE-2024-26676
In the Linux kernel, the following vulnerability has been resolved: afunix: Call kfreeskb for dead unixsk-oobskb in GC. syzbot reported a warning 0 in unixgc with a repro, which creates a socketpair and sends one socket's fd to itself using the peer. socketpairAFUNIX, SOCKSTREAM, 0, 3, 4 = 0...
CVE-2024-26780
A flaw was found in the Linux kernel's afunix subsystem where tasks could hang while purging out-of-bounds sockets during garbage collection. This issue could potentially lead to system instability. Mitigation Mitigation for this issue is either not available or the currently available options do...
UBUNTU-CVE-2024-26750
In the Linux kernel, the following vulnerability has been resolved: afunix: Drop oobskb ref before purging queue in GC. syzbot reported another task hung in unixgc. 0 The current while loop assumes that all of the left candidates have oobskb and calling kfreeskboobskb releases the remaining...
CVE-2024-26780 af_unix: Fix task hung while purging oob_skb in GC.
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix task hung while purging oobskb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in listforeachentrysafe for OOB skb. 0 syzbot demonstrated that the listforeachentrysafe was not actually...
CVE-2024-26750 af_unix: Drop oob_skb ref before purging queue in GC.
In the Linux kernel, the following vulnerability has been resolved: afunix: Drop oobskb ref before purging queue in GC. syzbot reported another task hung in unixgc. 0 The current while loop assumes that all of the left candidates have oobskb and calling kfreeskboobskb releases the remaining...
GSD-2022-1007095 af_unix: Fix memory leaks of the whole sk due to OOB skb.
afunix: Fix memory leaks of the whole sk due to OOB skb. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.78 by commit...
GSD-2022-1006845 af_unix: Fix memory leaks of the whole sk due to OOB skb.
afunix: Fix memory leaks of the whole sk due to OOB skb. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...