12423 matches found
CVE-2023-54176
In the Linux kernel, the following vulnerability has been resolved: mptcp: stricter state check in mptcpworker As reported by Christoph, the mptcp protocol can run the worker when the relevant msk socket is in an unexpected state: connect // incoming reset + fastclose // the mptcp worker is...
UBUNTU-CVE-2022-50863
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: free unused skb to prevent memory leak This avoid potential memory leak under power saving mode...
CVE-2022-50832
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential memory leak in wilcmacxmit The wilcmacxmit returns NETDEVTXOK without freeing skb, add devkfreeskb to fix it. Compile tested only...
CVE-2022-50829
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hifusb: Fix use-after-free in ath9khifusbregincb It is possible that skb is freed in ath9khtcrxmsg, then usbsubmiturb fails and we try to free skb again. It causes use-after-free bug. Moreover, if allocskb fails,...
CVE-2022-50832
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential memory leak in wilcmacxmit The wilcmacxmit returns NETDEVTXOK without freeing skb, add devkfreeskb to fix it. Compile tested only...
CVE-2022-50885
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxeqpdocleanup when socket create failed There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxeqpdocleanup+0x2f3/0x360 rdmarxe Read of size 8 at addr 000000000000001...
CVE-2022-50885
CVE-2022-50885 affects the Linux kernel RDMA/rxe path. The root cause is a NULL pointer dereference in rxe_qp_do_cleanup() when socket creation fails during rxe_qp_init_req(), which can occur in mount.cifs over RDMA. The documented fix moves the reset of rxe_qp_do_cleanup() to occur after a NULL ...
CVE-2022-50885 RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxeqpdocleanup when socket create failed There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxeqpdocleanup+0x2f3/0x360 rdmarxe Read of size 8 at addr 000000000000001...
CVE-2022-50885 RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix NULL-ptr-deref in rxeqpdocleanup when socket create failed There is a null-ptr-deref when mount.cifs over rdma: BUG: KASAN: null-ptr-deref in rxeqpdocleanup+0x2f3/0x360 rdmarxe Read of size 8 at addr 000000000000001...
CVE-2022-50863 wifi: rtw89: free unused skb to prevent memory leak
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: free unused skb to prevent memory leak This avoid potential memory leak under power saving mode...
CVE-2022-50854 nfc: virtual_ncidev: Fix memory leak in virtual_nci_send()
In the Linux kernel, the following vulnerability has been resolved: nfc: virtualncidev: Fix memory leak in virtualncisend skb should be free in virtualncisend, otherwise kmemleak will report memleak. Steps for reproduction simulated in qemu: cd tools/testing/selftests/nci make ./ncidev BUG: memor...
CVE-2022-50854 nfc: virtual_ncidev: Fix memory leak in virtual_nci_send()
In the Linux kernel, the following vulnerability has been resolved: nfc: virtualncidev: Fix memory leak in virtualncisend skb should be free in virtualncisend, otherwise kmemleak will report memleak. Steps for reproduction simulated in qemu: cd tools/testing/selftests/nci make ./ncidev BUG: memor...
CVE-2022-50784
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mei: fix potential NULL-ptr deref after clone If cloning the SKB fails, don't try to use it, but rather return as if we should pass it. Coverity CID: 1503456...
UBUNTU-CVE-2022-50784
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mei: fix potential NULL-ptr deref after clone If cloning the SKB fails, don't try to use it, but rather return as if we should pass it. Coverity CID: 1503456...
CVE-2023-54238
In the Linux kernel, the following vulnerability has been resolved: mlx5: fix skb leak while fifo resync and push During ptp resync operation SKBs were poped from the fifo but were never freed neither by napiconsume nor by devkfreeskbany. Add call to napiconsumeskb to properly free SKBs. Another...
CVE-2023-54223 net/mlx5e: xsk: Fix invalid buffer access for legacy rq
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix invalid buffer access for legacy rq The below crash can be encountered when using xdpsock in rx mode for legacy rq: the buffer gets released in the XDPREDIRECT path, and then once again in the driver. This fix...
CVE-2023-54223 net/mlx5e: xsk: Fix invalid buffer access for legacy rq
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix invalid buffer access for legacy rq The below crash can be encountered when using xdpsock in rx mode for legacy rq: the buffer gets released in the XDPREDIRECT path, and then once again in the driver. This fix...
CVE-2023-54218
In the Linux kernel, the following vulnerability has been resolved: net: Fix load-tearing on sk-skstamp in sockrecvcmsgs. KCSAN found a data race in sockrecvcmsgs where the read access to sk-skstamp needs READONCE. BUG: KCSAN: data-race in packetrecvmsg / packetrecvmsg write marked to...
CVE-2022-50838 net: stream: purge sk_error_queue in sk_stream_kill_queues()
In the Linux kernel, the following vulnerability has been resolved: net: stream: purge skerrorqueue in skstreamkillqueues Changheon Lee reported TCP socket leaks, with a nice repro. It seems we leak TCP sockets with the following sequence: 1 SOFTIMESTAMPINGTXACK is enabled on the socket. Each ACK...
CVE-2022-50832 wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential memory leak in wilcmacxmit The wilcmacxmit returns NETDEVTXOK without freeing skb, add devkfreeskb to fix it. Compile tested only...