591 matches found
kernel: SELinux netlink permission check bypass
A flaw was found in the Linux kernel’s SELinux LSM hook implementation, where it anticipated the skb would only contain a single Netlink message. The hook incorrectly validated the first Netlink message in the skb only, to allow or deny the rest of the messages within the skb with the granted...
UBUNTU-CVE-2020-10751
A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages...
openSUSE Security Update : shadowsocks-libev (openSUSE-2019-2667)
This update for shadowsocks-libev fixes the following issues: - Update version to 3.3.3 - Refine the handling of suspicious connections. - Fix exploitable denial-of-service vulnerability in the UDPRelay functionality (boo#1158251, CVE-2019-5163) - Fix code execution vulnerability in the...
kernel: SCTP socket buffer memory leak leading to denial of service
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack...
QEMU: slirp: heap buffer overflow in tcp_emu()
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in the tcp_emu() routine while emulating the Identification protocol and copying message data to a socket buffer. A user or process could use this flaw to crash the QEMU process on the host...
NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0165)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities: - Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information...
Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service
An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented, which leads to increased resource...
Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service
An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS)...
DEBIAN-CVE-2019-3874
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable...
UBUNTU-CVE-2019-3701
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that mak...
kernel: Incorrect overwrite check in __ip6_append_data()
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls...
USN-3290-1: Linux kernel vulnerability
Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash)...
USN-3290-1 linux vulnerability
Marco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash)...
CVE-2017-7477
A flaw was found in the way the Linux kernel allocates heap memory to build the scatter/gather list from a fragment list (skb_shinfo(skb)->frag_list) in the socket buffer (skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature are both used together. A remote user or...
kernel: use after free in dccp protocol
A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the...