489 matches found
CVE-2022-48751
In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue. We encountered a crash in smc_setsockopt() and it is caused by accessing smc->clcsock after clcsock was released. BUG: kernel NULL pointer dereference, address: 0000000000000020 P...
DEBIAN-CVE-2022-48751
In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue. We encountered a crash in smc_setsockopt() and it is caused by accessing smc->clcsock after clcsock was released. BUG: kernel NULL pointer dereference, address: 0000000000000020 P...
CVE-2021-47591
In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support. TCP_ULP setsockopt cannot be used for mptcp because it's already used internally to plumb subflow tcp sockets to the mptcp layer. syzbot managed to trigger a crash for mptcp connections that...
DEBIAN-CVE-2021-47593
In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets. The mptcp ULP extension relies on sk->sk_sock_kern being set correctly: It prevents setsockopt(fd, IPPROTO_TCP, TCP_ULP, "mptcp", 6); from working for plain tcp sockets any userspace-expose...
CVE-2021-47593
In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets. The mptcp ULP extension relies on sk->sk_sock_kern being set correctly: It prevents setsockopt(fd, IPPROTO_TCP, TCP_ULP, "mptcp", 6); from working for plain tcp sockets any userspace-expose...
DEBIAN-CVE-2021-47591
In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support. TCP_ULP setsockopt cannot be used for mptcp because it's already used internally to plumb subflow tcp sockets to the mptcp layer. syzbot managed to trigger a crash for mptcp connections that...
CVE-2021-47591 mptcp: remove tcp ulp setsockopt support
In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support. TCP_ULP setsockopt cannot be used for mptcp because it's already used internally to plumb subflow tcp sockets to the mptcp layer. syzbot managed to trigger a crash for mptcp connections that...
CVE-2021-47591
CVE-2021-47591 affects the Linux kernel. The vulnerability arises from the TCP_ULP setsockopt mechanism, which is no longer supported for MPTCP as it is already used internally to connect subflow sockets to the MPTCP layer. In syzbot testing, a crash (KASAN null dereference) was observed on mptcp...
CVE-2021-47591 mptcp: remove tcp ulp setsockopt support
In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support. TCP_ULP setsockopt cannot be used for mptcp because it's already used internally to plumb subflow tcp sockets to the mptcp layer. syzbot managed to trigger a crash for mptcp connections that...
CVE-2024-36927
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb(). KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt(2) with...
SUSE CVE-2024-36915
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies. syzbot reported unsafe calls to copy_from_sockptr() [1]. Use copy_safe_from_sockptr() instead. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG:...
CVE-2024-36927
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb(). KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt(2) with...
DEBIAN-CVE-2024-36915
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies. syzbot reported unsafe calls to copy_from_sockptr() [1]. Use copy_safe_from_sockptr() instead. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG:...
CVE-2024-36927
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb(). KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt(2) with...
UBUNTU-CVE-2024-36915
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies. syzbot reported unsafe calls to copy_from_sockptr() [1]. Use copy_safe_from_sockptr() instead. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG:...
CVE-2024-36927 ipv4: Fix uninit-value access in __ip_make_skb()
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb(). KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt(2) with...
CVE-2024-36927 ipv4: Fix uninit-value access in __ip_make_skb()
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb(). KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt(2) with...
CVE-2024-36927
The CVE-2024-36927 issue is in the Linux kernel IPv4 path: uninit-value access in __ip_make_skb() due to a race with HDRINCL. The fix checks FLOWI_FLAG_KNOWN_NH on fl4->flowi4_flags instead of socket HDRINCL, and explicitly initializes fl4_icmp_type and fl4_icmp_code in raw_sendmsg() (the fiel...
SUSE CVE-2024-35896
In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length. I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc in cgroup/{s,g}etsockopt"). setsockopt() @optlen argument should be...
SUSE CVE-2024-35963
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Fix not validating setsockopt user input. Check user input length before copying data...