CVE-2024-42106 inet_diag: Initialize pad field in struct inet_diag_req_v2

In the Linux kernel, the following vulnerability has been resolved: inetdiag: Initialize pad field in struct inetdiagreqv2 KMSAN reported uninit-value access in rawlookup 1. Diag for raw sockets uses the pad field in struct inetdiagreqv2 for the underlying protocol. This field corresponds to the...

CVE-2024-36927

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in ipmakeskb KMSAN reported uninit-value access in ipmakeskb 1. ipmakeskb tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt2 with...

CVE-2021-47250

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in netlblcipsov4addstd Reported by syzkaller: BUG: memory leak unreferenced object 0xffff888105df7000 size 64: comm "syz-executor842", pid 360, jiffies 4294824824 age 22.546s hex dump first 32 bytes: 00...

CVE-2023-52435 net: prevent mss overflow in skb_segment()

In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skbsegment Once again syzbot is able to crash the kernel in skbsegment 1 GSOBYFRAGS is a forbidden value, but unfortunately the following computation in skbsegment can reach it quite easily : mss = ms...