DEBIAN-CVE-2024-35856

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hcidevcdappend would free the skb on error so the caller don't have to free it again otherwise it would cause the double free of skb. Reported-by : Dan Carpenter...

DEBIAN-CVE-2024-27402

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skbqueueempty use The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skbpeek unexpectedly returning NULL or a pointer to an already dequeued socket buffer...

CVE-2024-27402

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skbqueueempty use The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skbpeek unexpectedly returning NULL or a pointer to an already dequeued socket buffer...

UBUNTU-CVE-2024-27402

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skbqueueempty use The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skbpeek unexpectedly returning NULL or a pointer to an already dequeued socket buffer...

CVE-2024-27402 phonet/pep: fix racy skb_queue_empty() use

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skbqueueempty use The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skbpeek unexpectedly returning NULL or a pointer to an already dequeued socket buffer...

CVE-2024-27402

CVE-2024-27402 affects the Linux kernel’s phonet/pep path. The description states a race in skb_queue_empty() is mishandled: receive queues are protected by their spin-locks, not the socket lock, which can cause skb_peek() to return NULL or a pointer to a socket buffer that has already been deque...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from allowing the driver to prompt for SKB recycling...

AZL-40509 CVE-2024-26953 affecting package hyperv-daemons for versions less than 5.15.158.2-1

In the Linux kernel, the following vulnerability has been resolved: net: esp: fix bad handling of pages from pagepool When the skb is reorganized during espoutput !esp-inline, the pages coming from the original skb fragments are supposed to be released back to the system through putpage. But if t...

kernel: GC's deletion of an SKB races with unix_stream_read_generic() leading to UAF

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unixstreamreadgeneric on the socket that the SKB is queued on...

DEBIAN-CVE-2022-48637

In the Linux kernel, the following vulnerability has been resolved: bnxt: prevent skb UAF after handing over to PTP worker When reading the timestamp is required bnxttxint hands over the ownership of the completed skb to the PTP worker. The skb should not be used afterwards, as the worker may run...

SUSE CVE-2024-26887

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Fix memory leak This checks if CONFIGDEVCOREDUMP is enabled before attempting to clone the skb and also make sure btmtkprocesscoredump frees the skb passed following the same logic...

SUSE CVE-2024-26857

In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner header in geneverx syzbot triggered a bug in geneverx 1 Issue is similar to the one I fixed in commit 8d975c15c0cd "ip6tunnel: make sure to pull inner header in ip6tnlrcv" We have to save...

DEBIAN-CVE-2024-26825

In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rxdatareassembly skb on NCI device cleanup rxdatareassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet wit...

SUSE CVE-2024-26804

In the Linux kernel, the following vulnerability has been resolved: net: iptunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in skbflowdissect+0x19d1/0x7a50 net/core/flowdissector.c:1170 Read of size 1 at addr ffff88812fb4000e by task...

DEBIAN-CVE-2021-47137

In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails,...

UBUNTU-CVE-2021-47146

In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mldnewpack mldnewpack doesn't allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skbput. Test commands: ip netns del A ip netns de...

SUSE CVE-2023-52532

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

DEBIAN-CVE-2023-52532

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

UBUNTU-CVE-2023-52532

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...

DEBIAN-CVE-2021-46911

In the Linux kernel, the following vulnerability has been resolved: chktls: Fix kernel panic Taking page refcount is not ideal and causes kernel panic sometimes. It's better to take txctx lock for the complete skb transmit, to avoid page cleanup if ACK received in middle...