14 matches found
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Rejects redirects of skmsg messages to non-TCP sockets With a SOCKMAP/SOCKHASH map and a skmsg program, users can direct messages sent from one TCP socket s1 to actually exiting from another TCP socket s2...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fixed the issue where the memory of skmsg was charged twice. If tcpbpfsendmsg is running during a cleanup operation, psock may be freed. c tcpbpfsendmsg tcpbpfsendverdict skmsgreturn tcpbpfsendmsgredir unlikely!psoc...
kernel: sunrpc: fix handling of server side tls alerts
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tlsalertrecv due to its assumption it can read data from the msg iterator's kvec.. kTLS implementation splits TLS non-da...
DEBIAN-CVE-2022-50363
In the Linux kernel, the following vulnerability has been resolved: skmsg: pass gfp argument to allocskmsg syzbot found that allocskmsg could be called from a non sleepable context. skpsockverdictrecv uses rcureadlock protection. We need the callers to pass a gfpt argument to avoid issues. syzbot...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from skmsg not passing the gfp parameter to allocskmsg, which could result in the allocation function being calle...
Linux Distros Unpatched Vulnerability : CVE-2023-52523
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Reject skmsg egress redirects to non-TCP sockets With a SOCKMAP/SOCKHASH map a...
PT-2025-18437
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue in the Linux kernel allows for the disconnection of a TLS socket, which can lead to unexpected corner cases and a denial of service. This is caused by insufficient input...
UBUNTU-CVE-2022-49205
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix double uncharge the mem of skmsg If tcpbpfsendmsg is running during a tear down operation, psock may be freed. tcpbpfsendmsg tcpbpfsendverdict skmsgreturn tcpbpfsendmsgredir unlikely!psock skmsgfree The mem of m...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak in the tcpbpfsendmsg function when sk msg is full...
PT-2025-40087
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a flaw in the tcp bpf subsystem where sk msg free was not called when tcp bpf send verdict failed to allocate memory for psock-cork. This could lead to memory...
UBUNTU-CVE-2024-56720
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Several fixes to bpfmsgpopdata Several fixes to bpfmsgpopdata, 1. In skmsgshiftleft, we should putpage 2. if len == 0, return early is better 3. pop the entire skmsg last == msg-sg.size should be supported 4. Fix fo...
PT-2023-26168 · Unknown · Feathersjs
Name of the Vulnerable Software and Affected Versions: Feathersjs versions prior to 4.5.18 Feathersjs versions prior to 5.0.8 Description: The Feathers socket handler did not catch invalid string conversion errors, which could cause the NodeJS process to crash when sending an unexpected Socket.io...
kernel: skmsg: pass gfp argument to alloc_sk_msg()
A denial of service exists in the pass gfp argument to allocskmsg of the linux kernel, such that an attacker creating a specially crafted payload could result in damage to system availability...
PT-2022-33258 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.19.2 through v5.19.8 Description: The issue is related to a wrong last sg check in the sk msg recvmsg function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...