591 matches found
DEBIAN-CVE-2024-46749
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuartflush This adds a check before freeing the rx-skb in flush and close functions to handle the kernel crash seen while removing driver after FW download fails or before...
CVE-2023-52889
...
CVE-2024-35856
...
UBUNTU-CVE-2024-44985
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UAF in ip6xmit If skbexpandhead returns NULL, skb has been freed and the associated dst/idev could also have been freed. We must use rcureadlock to prevent a possible UAF...
UBUNTU-CVE-2024-44986
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6finishoutput2 If skbexpandhead returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcureadlock to make sure the dst and associated idev are alive...
kernel: net: amd-xgbe: Fix skb data length underflow
In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fix skb data length underflow There will be BUGON triggered in include/linux/skbuff.h leading to intermittent kernel panic, when the skb length underflow is detected. Fix this by dropping the packet if such length...
AZL-48594 CVE-2024-44946 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcmsendmsg for the same socket. syzkaller reported UAF in kcmrelease. 0 The scenario is 1. Thread A builds a skb with MSGMORE and sets kcm-seqskb. 2. Thread A resumes building skb from kcm-seqskb but is blocked by...
kernel: TIPC message reassembly use-after-free remote code execution vulnerability
A use-after-free UAF flaw exists in the Linux Kernel within the reassembly of fragmented TIPC messages, specifically in the tipcbufappend function. The issue results due to a lack of checks in the error handling cleanup and can trigger a UAF on "struct skbuff", which may lead to remote code...
UBUNTU-CVE-2024-43861
In the Linux kernel, the following vulnerability has been resolved: net: usb: qmiwwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive...
kernel: TIPC message reassembly use-after-free remote code execution vulnerability
A use-after-free UAF flaw exists in the Linux Kernel within the reassembly of fragmented TIPC messages, specifically in the tipcbufappend function. The issue results due to a lack of checks in the error handling cleanup and can trigger a UAF on "struct skbuff", which may lead to remote code...
DEBIAN-CVE-2024-43817
In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtionethdrtoskb allowed syzbot to crash kernels again 1. After the skbsegment function the buffer may become non-linear nrfrags != 0, but since the SKBTXSHAREDFRAG flag is not set...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a missing required check in the virtionethdrtoskb function, causing the kernel to crash...
wifi: mt76: replace skb_put with skb_put_zero
...
kernel: TIPC message reassembly use-after-free remote code execution vulnerability
A use-after-free UAF flaw exists in the Linux Kernel within the reassembly of fragmented TIPC messages, specifically in the tipcbufappend function. The issue results due to a lack of checks in the error handling cleanup and can trigger a UAF on "struct skbuff", which may lead to remote code...
kernel: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb-protocol,data,macheader for outer header in nshgsosegment. syzbot triggered various splats see 0 and links by a crafted GSO packet of VIRTIONETHDRGSOUDP layering the following protocols: ETHP8021AD + ETHPNSH +...
kernel: TIPC message reassembly use-after-free remote code execution vulnerability
A use-after-free UAF flaw exists in the Linux Kernel within the reassembly of fragmented TIPC messages, specifically in the tipcbufappend function. The issue results due to a lack of checks in the error handling cleanup and can trigger a UAF on "struct skbuff", which may lead to remote code...
kernel: bnxt: prevent skb UAF after handing over to PTP worker
A possible use-after-free after handing over to PTP worker was found in the Linux kernel. This may lead to a crash...
kernel: net: core: reject skb_copy(_expand) for fraglist GSO skbs
In the Linux kernel, the following vulnerability has been resolved: net: core: reject skbcopyexpand for fraglist GSO skbs SKBGSOFRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skbcopy or skbcopyexpand, in order to prevent a crash on a...
SUSE CVE-2024-41046
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiqetop: fix double free in detach The number of the currently released descriptor is never incremented which results in the same skb being released multiple times...
SUSE CVE-2024-41048
In the Linux kernel, the following vulnerability has been resolved: skmsg: Skip zero length skb in skmsgrecvmsg When running BPF selftests ./testprogs -t sockmapbasic on a Loongarch platform, the following kernel panic occurs: ... Oops1: CPU: 22 PID: 2824 Comm: testprogs Tainted: G OE 6.10.0-rc2+...