kernel: inet: read sk->sk_family once in inet_recv_error()

In the Linux kernel, the following vulnerability has been resolved: inet: read sk-skfamily once in inetrecverror inetrecverror is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6ADDRFORM socket option and trigger a KCSAN warning...

DEBIAN-CVE-2024-50044

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcommskstatechange rfcommskstatechange attempts to use socklock so it must never be called with it locked but rfcommsockioctl always attempt to lock it causing the following trace:...

CVE-2022-49018

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sleep in atomic at close time Matt reported a splat at msk close time: BUG: sleeping function called from invalid context at net/mptcp/protocol.c:2877 inatomic: 1, irqsdisabled: 0, nonblock: 0, pid: 155, name:...

CVE-2024-49946

CVE-2024-49946 affects the Linux kernel PPP stack. The issue arises in ppp_channel_bridge_input() when packets are backlogged to a socket owned by a user process and the code path can call sk_backlog_rcv()/__release_sock()/release_sock() in process context. This creates an inconsistent lock state...

CVE-2024-49946 ppp: do not assume bh is held in ppp_channel_bridge_input()

In the Linux kernel, the following vulnerability has been resolved: ppp: do not assume bh is held in pppchannelbridgeinput Networking receive path is usually handled from BH handler. However, some protocols need to acquire the socket lock, and packets might be stored in the socket backlog is the...

kernel: Bluetooth: af_bluetooth: Fix deadlock

A flaw was found in the Linux kernel’s Bluetooth subsystem, specifically within the afbluetooth module. The issue arises when attempting to perform a socklock on the .recvmsg method, leading to a deadlock situation. In this scenario, multiple tasks wait indefinitely for a resource, causing...

kernel: Bluetooth: af_bluetooth: Fix deadlock

A flaw was found in the Linux kernel’s Bluetooth subsystem, specifically within the afbluetooth module. The issue arises when attempting to perform a socklock on the .recvmsg method, leading to a deadlock situation. In this scenario, multiple tasks wait indefinitely for a resource, causing...

DEBIAN-CVE-2023-52772

In the Linux kernel, the following vulnerability has been resolved: afunix: fix use-after-free in unixstreamreadactor syzbot reported the following crash 1 After releasing unix socket lock, u-oobskb can be changed by another thread. We must temporarily increase skb refcount to make sure this othe...

CVE-2023-52772 af_unix: fix use-after-free in unix_stream_read_actor()

In the Linux kernel, the following vulnerability has been resolved: afunix: fix use-after-free in unixstreamreadactor syzbot reported the following crash 1 After releasing unix socket lock, u-oobskb can be changed by another thread. We must temporarily increase skb refcount to make sure this othe...

CVE-2021-47248 udp: fix race between close() and udp_abort()

In the Linux kernel, the following vulnerability has been resolved: udp: fix race between close and udpabort Kaustubh reported and diagnosed a panic in udpliblookup. The root cause is udpabort racing with close. Both racing functions acquire the socket lock, but udpv6destroysock release it before...

PT-2024-11255 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is caused by a race between close and udp abort functions, which both acquire the socket lock. However, udpv6 destroy sock releases the lock before performing destructive...

SUSE CVE-2024-27402

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: fix racy skbqueueempty use The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skbpeek unexpectedly returning NULL or a pointer to an already dequeued socket buffer...

kernel: Bluetooth: Fix possible deadlock in rfcomm_sk_state_change

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcommskstatechange syzbot reports a possible deadlock in rfcommskstatechange 1. While rfcommsockconnect acquires the sk lock and waits for the rfcomm lock, rfcommsockrelease could have the...

SUSE CVE-2024-26740

In the Linux kernel, the following vulnerability has been resolved: net/sched: actmirred: use the backlog for mirred ingress The test Davide added in commit ca22da2fbd69 "actmirred: use the backlog for nested calls to mirred ingress" hangs our testing VMs every 10 or so runs, with the familiar...

CVE-2024-26732

In the Linux kernel, the following vulnerability has been resolved: net: implement lockless setsockoptSOPEEKOFF syzbot reported a lockdep violation 1 involving afunix support of SOPEEKOFF. Since SOPEEKOFF is inherently not thread safe it uses a per-socket skpeekoff field, there is really no point...

CVE-2024-26740 net/sched: act_mirred: use the backlog for mirred ingress

In the Linux kernel, the following vulnerability has been resolved: net/sched: actmirred: use the backlog for mirred ingress The test Davide added in commit ca22da2fbd69 "actmirred: use the backlog for nested calls to mirred ingress" hangs our testing VMs every 10 or so runs, with the familiar...

CVE-2024-26732

CVE-2024-26732 affects the Linux kernel where SO_PEEK_OFF for sockets could cause a lockdep violation in af_unix, due to per-socket uio lock usage. The vulnerability arises because SO_PEEK_OFF was previously protected by kernel locks; a patch implemented lockless behavior for setsockopt(SO_PEEK_O...

DEBIAN-CVE-2024-26679

In the Linux kernel, the following vulnerability has been resolved: inet: read sk-skfamily once in inetrecverror inetrecverror is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6ADDRFORM socket option and trigger a KCSAN warning...

CVE-2024-26679

In the Linux kernel, the following vulnerability has been resolved: inet: read sk-skfamily once in inetrecverror inetrecverror is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6ADDRFORM socket option and trigger a KCSAN warning...

CVE-2024-26679 inet: read sk->sk_family once in inet_recv_error()

In the Linux kernel, the following vulnerability has been resolved: inet: read sk-skfamily once in inetrecverror inetrecverror is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6ADDRFORM socket option and trigger a KCSAN warning...