3 matches found
SUSE CVE-2026-31635
In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgkverifyresponse decodes authlen from the packet and is supposed to verify that it fits in the remaining bytes. The existing check is inverted, so oversized RESPONSE...
kernel: net: Heap overflow in skb_to_sgvec in macsec.c
A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment listskbshinfoskb-fraglist in the socket bufferskbbuff. The heap overflow occurred if 'MAXSKBFRAGS + 1' parameter and 'NETIFFFRAGLIST' feature are both used together. A remote user or...
UBUNTU-CVE-2017-7477
Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAXSKBFRAGS+1 size in conjunction with the NETIFFFRAGLIST feature, leading...