kernel: ipvlan: out-of-bounds write caused by unclear skb->cb

A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb-cb initialization in ipoptionsecho and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalati...

Python TLS Handshake Bypass (CVE-2023-40217)

The version of Python installed on the remote Windows host is potentially affected by a vulnerability that primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly,...

kernel: ipvlan: out-of-bounds write caused by unclear skb->cb

A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb-cb initialization in ipoptionsecho and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalati...

kernel: remote DoS in TIPC kernel module

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipclinkxmit hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization...

Linux kernel 缓冲区错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of skb-cb initialization, which can be exploited by an attacker to cause the existence of heap-based...

kernel: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg

In the Linux kernel, the following vulnerability has been resolved: mt76: mt76x02u: fix possible memory leak in mt76x02umcusendmsg Free the skb if mt76ubulkmsg fails in mt76x02umcusendmsg routine...

kernel: can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path

In the Linux kernel, the following vulnerability has been resolved: can: etases58x: es58xrxerrmsg: fix memory leak in error path In es58xrxerrmsg, if can-dosetmode fails, the function directly returns without calling netifrxskb. This means that the skb previously allocated by alloccanerrskb is no...

kernel: can: m_can: m_can_tx_handler(): fix use after free of skb

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcantxhandler: fix use after free of skb canputechoskb will clone skb then free the skb. Move the canputechoskb for the mcan version 3.0.x directly before the start of the xmit in hardware, similar to the 3.1.x branch...

kernel: Bluetooth: L2CAP: Fix memory leak in vhci_write

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix memory leak in vhciwrite Syzkaller reports a memory leak as follows: ==================================== BUG: memory leak unreferenced object 0xffff88810d81ac00 size 240: ... hex dump first 32 bytes: 00 00 ...

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.

...

SUSE CVE-2006-2446

Race condition between the kfreeskb and skbunlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service crash, as demonstrated using the TCP stress tests from the LTP test suite...

SUSE CVE-2007-4997

Integer underflow in the ieee80211rx function in net/ieee80211/ieee80211rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service crash via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211STYPEQOSDATA flag is set, aka an "off-by-two...

SUSE CVE-2022-42328

Guests can trigger deadlock in Linux netback driver This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packe...

Denial Of Service (DoS)

Linux kernel is vulnerable to Denial Of Service DoS. The vulnerability exists through use after free in the networking code because the schsfb enqueue function used the socket buffer SKB cb field after the same SKB had been enqueued and freed into a child qdisc, allowing an attacker to cause an...

PT-2023-33226 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.83 Description: The issue is related to a problem in the xen/netback component where kfree skb is called with interrupts disabled. The actual impact and attack plausibility have not yet been proven...

PT-2023-33253 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.82 Description: A potential security issue exists due to the re-fetching of the skb cb after tipc msg validate. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linu...

PT-2023-34076 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.86 Description: The issue is related to the association of a socket buffer skb with a device at transmission time. The actual impact and attack plausibility have not yet been proven. Recommendations: For...

PT-2023-34403 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.163 Description: The issue is related to the handling of network packets, specifically the association of a socket buffer skb with a device during transmission tx. The actual impact and potential for attac...

PT-2023-33639 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue is related to the handling of network packets, specifically the association of a socket buffer skb with a device during transmission. The actual impact and potential for attack hav...

Ubuntu 22.10 : Linux kernel (IBM) vulnerabilities (USN-5793-4)

The remote Ubuntu 22.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5793-4 advisory. It was discovered that the iouring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use- after-free...