954 matches found
CVE-2024-36927
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb() KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt(2) with...
UBUNTU-CVE-2024-36946
In the Linux kernel, the following vulnerability has been resolved: phonet: fix rtm_phonet_notify() skb allocation fill_route() stores three components in the skb: - struct rtmsg - RTA_DST (u8) - RTA_OIF (u32) Therefore, rtm_phonet_notify() should use NLMSG_ALIGN(sizeof(struct rtmsg)) + nla_total_size(1) + nla_total_size(4)...
CVE-2024-36946
CVE-2024-36946 is a Linux kernel local denial of service issue related to phonet: rtm_phonet_notify() skb allocation. The root cause is that fill_route() stores three components in the skb (rtmsg, RTA_DST, RTA_OIF) and rtm_phonet_notify() should allocate space via NLMSG_ALIGN(sizeof(struct rtmsg)...
CVE-2024-36940 pinctrl: core: delete incorrect free in pinctrl_enable()
In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead t...
CVE-2024-36937 xdp: use flags field to disambiguate broadcast redirect
In the Linux kernel, the following vulnerability has been resolved: xdp: use flags field to disambiguate broadcast redirect When redirecting a packet using XDP, the bpf_redirect_map() helper will set up the redirect destination information in struct bpf_redirect_info (using the __bpf_xdp_redirect_map() helper...
CVE-2024-36937
Summary of CVE-2024-36937: The Linux kernel vulnerability affects XDP redirect handling when broadcasting to a map via BPF_F_BROADCAST. The issue arose because xdp_do_redirect() could see a NULL destination pointer if the destination map was destroyed before the XDP program ran, causing a crash....
CVE-2024-36920 scsi: mpi3mr: Avoid memcpy field-spanning write WARNING
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Avoid memcpy field-spanning write WARNING When the "storcli2 show" command is executed for eHBA-9600, mpi3mr driver prints this WARNING message: memcpy: detected field-spanning write (size 128) of single field...
CVE-2024-36017
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct ifla_vf_vlan_inf...
CVE-2024-36017 rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct ifla_vf_vlan_inf...
CVE-2023-52842
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt() KMSAN reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in virtio_transport_recv_pkt+0x1dfb/0x26...
CVE-2021-47485
In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields Overflowing either addrlimit or bytes_togo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all the places doing math on...
CVE-2021-47485 IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields Overflowing either addrlimit or bytes_togo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all the places doing math on...
CVE-2023-52765
In the Linux kernel, the following vulnerability has been resolved: mfd: qcom-spmi-pmic: Fix revid implementation The Qualcomm SPMI PMIC revid implementation is broken in multiple ways. First, it assumes that just because the sibling base device has been registered that means that it is also boun...
CVE-2023-52842
CVE-2023-52842 affects the Linux kernel virtio_vsock path. The issue arises from uninitialized buf_alloc and fwd_cnt fields in struct virtio_vsock_hdr when a new skb is allocated in virtio_transport_init_hdr(), leading to a KMSAN-uninitialized-value report. The connected Astra/SUSE advisories con...
CVE-2023-52842 virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt()
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix uninit-value in virtio_transport_recv_pkt() KMSAN reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in virtio_transport_recv_pkt+0x1dfb/0x26...
CVE-2023-52836 locking/ww_mutex/test: Fix potential workqueue corruption
In the Linux kernel, the following vulnerability has been resolved: locking/ww_mutex/test: Fix potential workqueue corruption In some cases running with the test-ww_mutex code, I was seeing odd behavior where sometimes it seemed flush_workqueue() was returning before all the work threads were finished...
CVE-2023-52796 ipvlan: add ipvlan_route_v6_outbound() helper
In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlan_route_v6_outbound() helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlan_process_v6_outbound() by moving the flowi6 struct used for the route lookup in an non...
CVE-2021-47417
In the Linux kernel, the following vulnerability has been resolved: libbpf: Fix memory leak in strset Free struct strset itself, not just its internal parts...
CVE-2021-47413
In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle When passing 'phys' in the devicetree to describe the USB PHY phandle (which is the recommended way according to Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt) the...