kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

DEBIAN-CVE-2024-0646

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system...

kernel: ipv4/tcp: Infinite loop in tcp_splice_read()

A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice and tcpspliceread functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely...

kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko

A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write as bi-directional ioctl replacement, which could lead to insufficient memory security checks when being invoked using the splice system call. A local unprivileged user on a system with either...

Kernel: net: oops from tcp_collapse() when using splice(2)

The tcpreadsock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service system crash via a crafted splice system call for a TCP socket...

Linux Kernel 2.6.x - splice(2) Double Lock Local Denial of Service

Linux Kernel 2.6.x - splice2 Double Lock Local Denial of Service / source: https://www.securityfocus.com/bid/35143/info The Linux kernel is prone to a local denial-of-service vulnerability. Attackers can exploit this issue to cause an affected process to hang, denying service to legitimate users...