CVE-2022-49697 bpf: Fix request_sock leak in sk lookup helpers

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix requestsock leak in sk lookup helpers A customer reported a requestsocket leak in a Calico cloud environment. We found that a BPF program was doing a socket lookup with takes a refcnt on the socket and that it was findin...

CVE-2022-49697 bpf: Fix request_sock leak in sk lookup helpers

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix requestsock leak in sk lookup helpers A customer reported a requestsocket leak in a Calico cloud environment. We found that a BPF program was doing a socket lookup with takes a refcnt on the socket and that it was findin...

CVE-2022-49697

CVE-2022-49697 concerns a leak in the Linux kernel caused by a BPF lookup path that could leak a request_sock. The issue occurs when a BPF program performs a socket lookup that takes a refcnt on the socket and, after locating the child request_socket, returns the parent LISTEN socket via sk_to_fu...

kernel: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().

A use-after-free UAF vulnerability was found and fixed in the Linux kernel's TCP subsystem related to request socket reqsk timers during handshake handling. This issue stems from a race condition caused by relying on timerpending in reqskqueueunlink. This could result in the timer continuing to r...

kernel: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().

A use-after-free UAF vulnerability was found and fixed in the Linux kernel's TCP subsystem related to request socket reqsk timers during handshake handling. This issue stems from a race condition caused by relying on timerpending in reqskqueueunlink. This could result in the timer continuing to r...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue in the reqsktimerhandler function in the tcp module, which could cause the kernel...

CVE-2024-53206

CVE-2024-53206: In the Linux kernel, a use-after-free of nreq in reqsk_timer_handler() was fixed by replacing inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put(), and by passing orec to reqsk_put() instead of the original req. The issue could occur when a reqsk ...

OESA-2024-2495 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a...

UBUNTU-CVE-2024-50154

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a bpf prog attached to tracetcpretransmitsynack. The program passes th...

DEBIAN-CVE-2024-26865

In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in reqsktimerhandler. syzkaller reported a warning of netns tracker 0 followed by KASAN splat 1 and another ref tracker warning 1. syzkaller could not find a repro, but in the log, the only...

kernel: bpf: Fix request_sock leak in sk lookup helpers

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix requestsock leak in sk lookup helpers A customer reported a requestsocket leak in a Calico cloud environment. We found that a BPF program was doing a socket lookup with takes a refcnt on the socket and that it was findin...

kernel: bpf: Fix request_sock leak in sk lookup helpers

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix requestsock leak in sk lookup helpers A customer reported a requestsocket leak in a Calico cloud environment. We found that a BPF program was doing a socket lookup with takes a refcnt on the socket and that it was findin...