CVE-2021-47563 ice: avoid bpf_prog refcount underflow

In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpfprog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndobpf op and VSI rebuild flow. The latter takes place for example when user changes queue count on an interface...

SUSE CVE-2021-47448

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg recvmsg can enter an infinite loop if the caller provides the MSGWAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by the...

CVE-2021-47448

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg recvmsg can enter an infinite loop if the caller provides the MSGWAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by the...

kernel: bluetooth: bt_sock_ioctl race condition leads to use-after-free in bt_sock_recvmsg

A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the btsockrecvmsg and btsockioctl functions could lead to a use-after-free on a socket buffer "skb". This flaw allows a local user to cause a denial of service condition or potential code execution...

CVE-2021-47448

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg recvmsg can enter an infinite loop if the caller provides the MSGWAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by the...

CVE-2021-47448

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg recvmsg can enter an infinite loop if the caller provides the MSGWAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by the...

DEBIAN-CVE-2021-47448

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg recvmsg can enter an infinite loop if the caller provides the MSGWAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by the...

CVE-2021-47448

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg recvmsg can enter an infinite loop if the caller provides the MSGWAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by the...

CVE-2021-47448

CVE-2021-47448 affects the Linux kernel MPTCP recvmsg path. If the caller uses MSG_WAITALL and insufficient data remains to satisfy the request, recvmsg can stall in an infinite loop because mptcp_wait_data() detects MPTCP_DATA_READY and never clears it in that code path. This can trigger an RCU ...

CVE-2021-47448 mptcp: fix possible stall on recvmsg()

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg recvmsg can enter an infinite loop if the caller provides the MSGWAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by the...

CVE-2021-47448 mptcp: fix possible stall on recvmsg()

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg recvmsg can enter an infinite loop if the caller provides the MSGWAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that if the caller provides MSGWAITALL, the data present in the receive queue does not satisfy the...

CVE-2023-52701

In the Linux kernel, the following vulnerability has been resolved: net: use a bounce buffer for copying skb-mark syzbot found arm64 builds would crash in sockrecvmark when CONFIGHARDENEDUSERCOPY=y x86 and powerpc are not detecting the issue because they define useraccessbegin. This will be handl...

CVE-2024-35970

A vulnerability was found in the Linux kernel's Unix domain socket afunix implementation, where stale Out-of-Band OOB data is not cleared from the receive queue. This issue arises when OOB data is dequeued but the associated oobskb is not cleared, leading to incorrect behavior in subsequent recv...

CVE-2024-35970

The CVE-2024-35970 issue affects the Linux kernel AF_UNIX socket path. The root cause is improper handling of OOB data: when an OOB skb is dequeued, unix_sock(sk)->oob_skb is not cleared, causing incorrect uAPI state and potential deadlocks. Repro shows a socketpair exchange where MSG_OOB is u...

CVE-2024-35970 af_unix: Clear stale u->oob_skb.

In the Linux kernel, the following vulnerability has been resolved: afunix: Clear stale u-oobskb. syzkaller started to report deadlock of unixgclock after commit 4090fa373f0e "afunix: Replace garbage collection algorithm.", but it just uncovers the bug that has been there since commit 314001f0bf9...

kernel: tls: race between async notify and socket close

A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread that calls recvmsg/sendmsg may exit as soon as the async crypto handler calls complete; any code past that point risks touching already freed data. This could lead to a use-after-free issue an...

kernel: use-after-free in net/atm/ioctl.c

A use-after-free flaw was found in the Linux kernel's net/atm/ioctl.c ATM networking technology driver: dovccioctl in net/atm/ioctl.c is vulnerable to use-after-free due to a race condition in vccrecvmsg. This issue can allow an attacker to possibly gain unauthorized access, escalate privileges, ...

DEBIAN-CVE-2024-26886

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: afbluetooth: Fix deadlock Attemting to do socklock on .recvmsg may cause a deadlock as shown bellow, so instead of using socksock this uses skreceivequeue.lock on btsockioctl to avoid the UAF: INFO: task kworker/u9:1:1...

An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.

...