413 matches found
PT-2022-34000 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 4.15 through 5.10.139 Description: The issue concerns a locking problem in the rxrpc's sendmsg function. The actual impact and potential for attack have not been proven yet. Recommendations: For Linux Kernel versions 4.1...
GSD-2022-1005442 rxrpc: Fix locking in rxrpc's sendmsg
rxrpc: Fix locking in rxrpc's sendmsg This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.64 by commit 2bc769b8edb158be7379d15f36e23d66cf85005...
GSD-2022-1005036 rxrpc: Fix locking in rxrpc's sendmsg
rxrpc: Fix locking in rxrpc's sendmsg This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.6 by commit 091dc91e119fdd61432347231724f4e861c6b465...
PT-2022-33700 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.64 Description: The issue concerns a locking problem in rxrpc's sendmsg. The actual impact and potential for attack have not been proven yet. Recommendations: For Linux Kernel versions prior to v5.15.64,...
PT-2022-33294 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.6 Description: The issue concerns a locking problem in rxrpc's sendmsg. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v5.19.6, upda...
kernel: tcp: fix page frag corruption on page fault
A vulnerability was found in the Linux kernel's TCP subsystem in the tcpsendmsglocked function, which can lead to page fragment corruption during a page fault, which occurs when a TCP stream experiences nested access to the task page fragment due to a page fault while handling memory-mapped...
GSD-2022-1002241 bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
bpf, sockmap: Fix memleak in tcpbpfsendmsg while sk msg is full This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.189 by commit...
GSD-2022-1002079 bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
bpf, sockmap: Fix memleak in tcpbpfsendmsg while sk msg is full This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...
GSD-2022-1001208 bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full
bpf, sockmap: Fix memleak in tcpbpfsendmsg while sk msg is full This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...
kernel: tcp: fix page frag corruption on page fault
A vulnerability was found in the Linux kernel's TCP subsystem in the tcpsendmsglocked function, which can lead to page fragment corruption during a page fault, which occurs when a TCP stream experiences nested access to the task page fragment due to a page fault while handling memory-mapped...
GSD-2022-1000506 tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case
tcp: take care of mixed splice/sendmsgMSGZEROCOPY case This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.10 by commit...
UBUNTU-CVE-2021-3640
A flaw use-after-free in function scosocksendmsg of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIOREGISTER or other way triggers race condition of the call scoconndel together with the call scosocksendmsg with the expected controllable faulting memory page. A privilege...
PT-2024-11298 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an uninitialized value in the caif seqpkt sendmsg function, which is defined in sys sendmsg. When nr segs equals zero in iovec from user, the object msg-msg...
CVE-2020-7460
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace...
CVE-2020-7460
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace...
Input validation
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace...
CVE-2020-7460
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace...
CVE-2020-7460
The CVE-2020-7460 issue affects FreeBSD on 64-bit platforms where the 32-bit compat32 sendmsg path contains a TOCTOU vulnerability. A 32-bit or 64-bit process could trigger a mailcious userspace program to modify control message headers after validation, enabling kernel-level impact. Affected ran...
FreeBSD : FreeBSD -- sendmsg(2) privilege escalation (8db74c04-d794-11ea-88f8-901b0ef719ab)
When handling a 32-bit sendmsg2 call, the compat32 subsystem copies the control message to be transmitted if any into kernel memory, and adjusts alignment of control message headers. The code which performs this work contained a time-of-check to time-of-use TOCTOU vulnerability which allows a...
FreeBSD Kernel sendmsg System Call Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of FreeBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...