CVE-2024-36972

In the Linux kernel, the following vulnerability has been resolved: afunix: Update unixsksk-oobskb under skreceivequeue lock. Billy Jheng Bing-Jhong reported a race between unixgc and queueoob. unixgc tries to garbage-collect closed inflight sockets, and then if the socket has MSGOOB in...

SUSE CVE-2024-35970

In the Linux kernel, the following vulnerability has been resolved: afunix: Clear stale u-oobskb. syzkaller started to report deadlock of unixgclock after commit 4090fa373f0e "afunix: Replace garbage collection algorithm.", but it just uncovers the bug that has been there since commit 314001f0bf9...

CVE-2024-35970

A vulnerability was found in the Linux kernel's Unix domain socket afunix implementation, where stale Out-of-Band OOB data is not cleared from the receive queue. This issue arises when OOB data is dequeued but the associated oobskb is not cleared, leading to incorrect behavior in subsequent recv...

UBUNTU-CVE-2024-35970

In the Linux kernel, the following vulnerability has been resolved: afunix: Clear stale u-oobskb. syzkaller started to report deadlock of unixgclock after commit 4090fa373f0e "afunix: Replace garbage collection algorithm.", but it just uncovers the bug that has been there since commit 314001f0bf9...

CVE-2024-26780 af_unix: Fix task hung while purging oob_skb in GC.

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix task hung while purging oobskb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in listforeachentrysafe for OOB skb. 0 syzbot demonstrated that the listforeachentrysafe was not actually...

CVE-2024-26780

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix task hung while purging oobskb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in listforeachentrysafe for OOB skb. 0 syzbot demonstrated that the listforeachentrysafe was not actually...

CVE-2024-26780

CVE-2024-26780 | Linux kernel (af_unix) — The vulnerability centers on a task hang during purging oob_skb in GC. The root cause is that list_for_each_entry_safe() is not actually safe when a single skb has references from multiple sockets; freeing such an skb can unlink current and next sockets i...

CVE-2024-26750

CVE-2024-26750 affects the Linux kernel. The vulnerability was in af_unix garbage collection: a self-referencing oob_skb/FD scenario could cause __unix_gc() to hang due to a loop that fails to purge inflight sockets. The fix drops the oob_skb reference before purging the queue, allowing __skb_que...

CVE-2024-26750

In the Linux kernel, the following vulnerability has been resolved: afunix: Drop oobskb ref before purging queue in GC. syzbot reported another task hung in unixgc. 0 The current while loop assumes that all of the left candidates have oobskb and calling kfreeskboobskb releases the remaining...