172 matches found
CVE-2024-26991
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: x86: Don't overflow lpageinfo when checking attributes Fix KVMSETMEMORYATTRIBUTES to not overflow lpageinfo array and trigger KASAN splat, as seen in the privatememconversionstest selftest. When memory attributes ar...
CVE-2024-27000
In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state The uarthandlectschange function in serialcore expects the caller to hold uport-lock. For example, I have seen the below kernel splat, when the Bluetooth driver is loaded ...
CVE-2024-27012 netfilter: nf_tables: restore set elements when delete set fails
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: restore set elements when delete set fails From abort path, nftmapelemactivate needs to restore refcounters to the original state. Currently, it uses the set-ops-walk to iterate over these set elements. The...
CVE-2024-27000 serial: mxs-auart: add spinlock around changing cts state
In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state The uarthandlectschange function in serialcore expects the caller to hold uport-lock. For example, I have seen the below kernel splat, when the Bluetooth driver is loaded ...
CVE-2024-27000 serial: mxs-auart: add spinlock around changing cts state
In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state The uarthandlectschange function in serialcore expects the caller to hold uport-lock. For example, I have seen the below kernel splat, when the Bluetooth driver is loaded ...
CVE-2024-26999 serial/pmac_zilog: Remove flawed mitigation for rx irq flood
In the Linux kernel, the following vulnerability has been resolved: serial/pmaczilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmaczilog as ...
CVE-2024-26991 KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: x86: Don't overflow lpageinfo when checking attributes Fix KVMSETMEMORYATTRIBUTES to not overflow lpageinfo array and trigger KASAN splat, as seen in the privatememconversionstest selftest. When memory attributes ar...
CVE-2024-26991
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: x86: Don't overflow lpageinfo when checking attributes Fix KVMSETMEMORYATTRIBUTES to not overflow lpageinfo array and trigger KASAN splat, as seen in the privatememconversionstest selftest. When memory attributes ar...
CVE-2024-26835
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: set dormant flag on hook register failure We need to set the dormant flag again if we fail to register the hooks. During memory pressure hook registration can fail and we end up with a table marked as active...
CVE-2024-26865
In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in reqsktimerhandler. syzkaller reported a warning of netns tracker 0 followed by KASAN splat 1 and another ref tracker warning 1. syzkaller could not find a repro, but in the log, the only...
CVE-2024-26835
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: set dormant flag on hook register failure We need to set the dormant flag again if we fail to register the hooks. During memory pressure hook registration can fail and we end up with a table marked as active...
CVE-2024-26835 netfilter: nf_tables: set dormant flag on hook register failure
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: set dormant flag on hook register failure We need to set the dormant flag again if we fail to register the hooks. During memory pressure hook registration can fail and we end up with a table marked as active...
CVE-2024-26782
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on socket dismantle when MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to 'inetopt' for the new socket has the same value as the original one: as a...
CVE-2024-26784 pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal
In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: Fix NULL dereference on scmiperfdomain removal On unloading of the scmiperfdomain module got the below splat, when in the DT provided to the system under test the 'power-domain-cells' property was missing. Indeed,...
CVE-2021-47175
A vulnerability was found in fqpie module of Linux Kernel impacting net/sched, where an out-of-bounds access during network traffic handling allows attackers to execute arbitrary code leads to DoS. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, and has no...
CVE-2021-47146 mld: fix panic in mld_newpack()
In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mldnewpack mldnewpack doesn't allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skbput. Test commands: ip netns del A ip netns de...
CVE-2021-47127 ice: track AF_XDP ZC enabled queues in bitmap
In the Linux kernel, the following vulnerability has been resolved: ice: track AFXDP ZC enabled queues in bitmap Commit c7a219048e45 "ice: Remove xskbuffpool from VSI structure" silently introduced a regression and broke the Tx side of AFXDP in copy mode. xskpool on icering is set only based on t...
CVE-2021-46997
In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GICPRIOPSRISET during entry Zenghui reports that booting a kernel with "irqchip.gicv3pseudonmi=1" on the command line hits a warning during kernel entry, due to the way we manipulate the PMR. Early in the...
CVE-2021-46997
In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GICPRIOPSRISET during entry Zenghui reports that booting a kernel with "irqchip.gicv3pseudonmi=1" on the command line hits a warning during kernel entry, due to the way we manipulate the PMR. Early in the...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: arm64: entry: always set GICPRIOPSRISET during entry Zenghui reports that booting a kernel with "irqchip.gicv3pseudonmi=1" on the command line hits a warning during kernel entry, due to the way we manipulate the PMR. Early in the...