Lucene search

125 matches found

Cvelist
added 2024/04/02 7:1 a.m. · 17 views

CVE-2024-26679 inet: read sk->sk_family once in inet_recv_error()

In the Linux kernel, the following vulnerability has been resolved: inet: read sk->sk_family once in inet_recv_error(). inet_recv_error() is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM socket option and trigger a KCSAN warning...

7.5 AI score · 0.00015 EPSS
Exploits: 0 · References: 8
Debian CVE
added 2024/04/02 7:1 a.m. · 29 views

CVE-2024-26679

In the Linux kernel, the following vulnerability has been resolved: inet: read sk->sk_family once in inet_recv_error(). inet_recv_error() is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM socket option and trigger a KCSAN warning...

5.5 CVSS · 7.1 AI score · 0.00015 EPSS
Exploits: 0
CNNVD
added 2024/04/02 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a call to inet_recv_error() that does not require holding a socket lock...

5.5 CVSS · 6.3 AI score · 0.00015 EPSS
Exploits: 0 · References: 11
SUSE CVE
added 2024/03/20 3:48 a.m. · 1 views

SUSE CVE-2024-26636

In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes. syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1]. Like some others, llc_ui_sendmsg()...

5.5 CVSS · 6.1 AI score · 0.00011 EPSS
Exploits: 0 · References: 16
UbuntuCve
added 2024/03/18 11:15 a.m. · 20 views

CVE-2024-26636

In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes. syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1]. Like some others, llc_ui_sendmsg()...

5.5 CVSS · 6.3 AI score · 0.00011 EPSS
Exploits: 0 · References: 29
OSV
added 2024/03/18 10:14 a.m. · 3 views

CVE-2024-26636 llc: make llc_ui_sendmsg() more robust against bonding changes

In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes. syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1]. Like some others, llc_ui_sendmsg()...

5.5 CVSS · 5.8 AI score · 0.00011 EPSS
Exploits: 0 · References: 13
UbuntuCve
added 2024/03/15 9:15 p.m. · 15 views

CVE-2021-47132

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sk_forward_memory corruption on retransmission. MPTCP sk_forward_memory handling is a bit special, as such field is protected by the msk socket spinlock, instead of the plain socket lock. Currently we have a code path...

7.1 CVSS · 6.7 AI score · 0.0002 EPSS
Exploits: 0 · References: 4
SUSE CVE
added 2024/03/02 5:48 a.m. · 1 views

SUSE CVE-2021-47038

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock. Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock that could lead to deadlock. It turns out that...

5.7 CVSS · 7.7 AI score · 0.00012 EPSS
Exploits: 0 · References: 5
OSV
added 2024/02/28 9:15 a.m. · 3 views

DEBIAN-CVE-2021-47038

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock. Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock that could lead to deadlock. It turns out that...

5.5 CVSS · 5.9 AI score · 0.00012 EPSS
Exploits: 0 · References: 1
OSV
added 2024/02/28 9:15 a.m. · 1 views

UBUNTU-CVE-2021-47038

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock. Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock that could lead to deadlock. It turns out that...

5.5 CVSS · 6.6 AI score · 0.00012 EPSS
Exploits: 0 · References: 7
UbuntuCve
added 2024/02/28 9:15 a.m. · 14 views

CVE-2021-47038

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock. Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock that could lead to deadlock. It turns out that...

5.5 CVSS · 6.4 AI score · 0.00012 EPSS
Exploits: 0 · References: 6
Cvelist
added 2024/02/28 8:13 a.m. · 18 views

CVE-2021-47038 Bluetooth: avoid deadlock between hci_dev->lock and socket lock

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock. Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock that could lead to deadlock. It turns out that...

6.6 AI score · 0.00012 EPSS
Exploits: 0 · References: 4
Debian CVE
added 2024/02/28 8:13 a.m. · 24 views

CVE-2021-47038

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock. Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock that could lead to deadlock. It turns out that...

5.5 CVSS · 5.8 AI score · 0.00012 EPSS
Exploits: 0
CNNVD
added 2024/02/28 12:0 a.m. · 2 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a dependency between hci_dev->lock and socket lock, which could lead to a deadlock...

5.5 CVSS · 8.1 AI score · 0.00012 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2023/05/09 10:4 a.m. · 1 views

kernel: l2tp: close all race conditions in l2tp_tunnel_register()

In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register(). The code in l2tp_tunnel_register() is racy in several ways: 1. It modifies the tunnel socket after publishing it. 2. It calls setup_udp_tunnel_sock() on an existing socket without...

4.7 CVSS · 6.3 AI score · 0.0002 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2022/11/28 12:0 a.m. · 1 views

PT-2024-11878 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc5. Description: A bug in the Linux kernel has been resolved, specifically in the mptcp protocol. The issue occurred when a sleeping function was called from an invalid context at close time, resulting in ...

5.5 CVSS · 6.8 AI score · 0.00016 EPSS
Exploits: 0 · References: 13
Positive Technologies
added 2022/11/14 12:0 a.m. · 1 views

PT-2022-35781 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.262. Description: The issue is related to the Linux Kernel's rds tcp reset callbacks function, where the sock lock is held when cancelling work. This could potentially lead to security vulnerabilities,...

7.3 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2022/11/14 12:0 a.m. · 1 views

PT-2022-35679 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.220. Description: The issue is related to the Linux Kernel's rds tcp reset callbacks function, where the sock lock is held when cancelling work. This could potentially lead to security vulnerabilities,...

7.3 AI score
Exploits: 0 · References: 1
OSV
added 2021/05/31 3:39 p.m. · 8 views

GSD-2021-1000264 Bluetooth: avoid deadlock between hci_dev->lock and socket lock

Bluetooth: avoid deadlock between hci_dev->lock and socket lock. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...

7.2 AI score
Exploits: 0
Veracode
added 2020/04/10 1:8 a.m. · 21 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists as the fix for CVE-2011-2482 provided by RHSA-2011:1212 introduced a regression: on systems that do not have Security-Enhanced Linux (SELinux) in Enforcing mode, a socket lock race could occur between sctp_rcv() and sctp_accept(). A...

7.5 CVSS · 2.9 AI score · 0.01166 EPSS
Exploits: 1 · References: 11 · Affected Software: 1