489 matches found
CVE-2024-35976 xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
In the Linux kernel, the following vulnerability has been resolved: xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING. syzbot reported an illegal copy in xsk_setsockopt() [1]. Make sure to validate setsockopt() @optlen parameter. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset...
CVE-2024-35967
CVE-2024-35967: Linux Bluetooth SCO path vulnerable to not validating setsockopt input. syzbot reports copying data without input length check, causing slab-out-of-bounds reads via copy_from_sockptr_offset in include/linux/sockptr.h and an observed slab-out-of-bounds in sco_sock_setsockopt+0xc0b/...
CVE-2024-35967 Bluetooth: SCO: Fix not validating setsockopt user input
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix not validating setsockopt user input. syzbot reported sco_sock_setsockopt() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49...
CVE-2024-35965 Bluetooth: L2CAP: Fix not validating setsockopt user input
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data...
CVE-2024-35964
CVE-2024-35964: Linux kernel Bluetooth ISO component fixed an issue where setsockopt user input was not properly validated. The description states to check input length before copying data, indicating a potential input-validation/overflow risk. Connected advisories reference the CVE and confirm ...
CVE-2024-35963
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Fix not validating setsockopt user input. Check user input length before copying data...
DEBIAN-CVE-2024-35896
In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length. I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc in cgroup/{s,g}etsockopt"). setsockopt() @optlen argument should be...
CVE-2024-35896
In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length. I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc in cgroup/{s,g}etsockopt"). setsockopt() @optlen argument should be...
UBUNTU-CVE-2024-35896
In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length. I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc in cgroup/{s,g}etsockopt"). setsockopt() @optlen argument should be...
CVE-2024-35896 netfilter: validate user input for expected length
In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length. I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc in cgroup/{s,g}etsockopt"). setsockopt() @optlen argument should be...
CVE-2022-48651
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header. If an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit() to packet_direct_xmit() via...
CVE-2022-48651
CVE-2022-48651 affects the Linux kernel ipvlan path. When an AF_PACKET socket uses PACKET_QDISC_BYPASS and the default xmit path is switched, skb->mac_header may remain at 65535, yielding slab-out-of-bounds in ipvlan_xmit_mode_l2. Root causes: packet_snd() only resets skb->mac_header for SO...
CVE-2022-48651 ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header. If an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit() to packet_direct_xmit() via...
DEBIAN-CVE-2024-26862
In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races around ignore_outgoing. ignore_outgoing is read locklessly from dev_queue_xmit_nit() and packet_getsockopt(). Add appropriate READ_ONCE()/WRITE_ONCE() annotations. syzbot reported: BUG: KCSAN: data-race in dev_queue_xmit_n...
SUSE CVE-2024-26732
In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockopt(SO_PEEK_OFF). syzbot reported a lockdep violation [1] involving af_unix support of SO_PEEK_OFF. Since SO_PEEK_OFF is inherently not thread safe (it uses a per-socket sk_peek_off field), there is really no point...
PT-2024-27206
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8.0. Description: The vulnerability is related to unsafe copies in the nfc llcp setsockopt function. Syzbot reported unsafe calls to copy_from_sockptr(). The issue can be resolved by using copy_safe_from_sockptr()...