CVE-2024-26766

CVE-2024-26766 affects the Linux kernel’s IB/hfi1 path. The root cause is an off-by-one error in the sdma.h tx descriptor handling that, when a send consists of six descriptors and requires a seventh-dword padding, prevents proper expansion of the sdma_txreq descriptor array. This overflow can co...

CVE-2024-26766

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx-numdescs off-by-one error Unfortunately the commit fd8958efe877 introduced another error causing the descs array to overflow. This reults in further crashes easily reproducible by sendmsg system call...

CVE-2024-26766 IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx-numdescs off-by-one error Unfortunately the commit fd8958efe877 introduced another error causing the descs array to overflow. This reults in further crashes easily reproducible by sendmsg system call...

SUSE CVE-2024-26636

In the Linux kernel, the following vulnerability has been resolved: llc: make llcuisendmsg more robust against bonding changes syzbot was able to trick llcuisendmsg, allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header 1 Like some others, llcuisendmsg...

DEBIAN-CVE-2024-26636

In the Linux kernel, the following vulnerability has been resolved: llc: make llcuisendmsg more robust against bonding changes syzbot was able to trick llcuisendmsg, allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header 1 Like some others, llcuisendmsg...

UBUNTU-CVE-2024-26636

In the Linux kernel, the following vulnerability has been resolved: llc: make llcuisendmsg more robust against bonding changes syzbot was able to trick llcuisendmsg, allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header 1 Like some others, llcuisendmsg...

CVE-2023-52523

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Reject skmsg egress redirects to non-TCP sockets With a SOCKMAP/SOCKHASH map and an skmsg program user can steer messages sent from one TCP socket s1 to actually egress from another TCP socket s2: tcpbpfsendmsgs1 //...

CVE-2023-52523 bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Reject skmsg egress redirects to non-TCP sockets With a SOCKMAP/SOCKHASH map and an skmsg program user can steer messages sent from one TCP socket s1 to actually egress from another TCP socket s2: tcpbpfsendmsgs1 //...

CVE-2023-52483

In the Linux kernel, the following vulnerability has been resolved: mctp: perform route lookups under a RCU read-side lock Our current route lookups mctproutelookup and mctproutelookupnull traverse the net's route list without the RCU read lock held. This means the route lookup is subject to...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: mctp: perform route lookups under a RCU read-side lock Our current route lookups mctproutelookup and mctproutelookupnull traverse the net's route list without the RCU read lock held. This means the route lookup is subject to...

CVE-2023-52483

In the Linux kernel, the following vulnerability has been resolved: mctp: perform route lookups under a RCU read-side lock Our current route lookups mctproutelookup and mctproutelookupnull traverse the net's route list without the RCU read lock held. This means the route lookup is subject to...

kernel: rxrpc: Make it so that a waiting process can be aborted

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Make it so that a waiting process can be aborted When sendmsg creates an rxrpc call, it queues it to wait for a connection and channel to be assigned and then waits before it can start shovelling data as the encrypted DATA...

PT-2023-9488 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the mctp component in the Linux kernel, where route lookups are performed without proper read-side critical section locks, leading to potential preemption and...

Linux Kernel Improper Input Validation Vulnerability

Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets RDS protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls...

VulnCheck KEV: CVE-2010-3904

Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets RDS protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls...

kernel: rxrpc: Fix locking in rxrpc's sendmsg

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix locking in rxrpc's sendmsg Fix three bugs in the rxrpc's sendmsg implementation: 1 rxrpcnewclientcall should release the socket lock when returning an error from rxrpcgetcallslot. 2 rxrpcwaitfortxwindowintr will return...

kernel: bpf, sockmap: Fix double uncharge the mem of sk_msg

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix double uncharge the mem of skmsg If tcpbpfsendmsg is running during a tear down operation, psock may be freed. tcpbpfsendmsg tcpbpfsendverdict skmsgreturn tcpbpfsendmsgredir unlikely!psock skmsgfree The mem of m...

SUSE CVE-2005-2490

Stack-based buffer overflow in the sendmsg function call in the Linux kernel 2.6 before 2.6.13.1 allows local users to execute arbitrary code by calling sendmsg and modifying the message contents in another thread...

SUSE CVE-2005-2492

The rawsendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service change hardware state or read from arbitrary memory via crafted input...

SUSE CVE-2008-5300

Linux kernel 2.6.28 allows local users to cause a denial of service "soft lockup" and process loss via a large number of sendmsg function calls, which does not block during AFUNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029...