31 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Networks: DSA: Avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver the only one that supports UC filtering and MC filtering as a DSA master for a randomly selected DSA switch, the following...
Linux Distros Unpatched Vulnerability : CVE-2024-40920
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix suspicious rcu usage in brmstsetstate I converted brmstsetstate to RCU...
CVE-2025-38397 nvme-multipath: fix suspicious RCU usage warning
In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: fix suspicious RCU usage warning When I run the NVME over TCP test in virtme-ng, I get the following "suspicious RCU usage" warning in nvmempathaddsysfslink: ''' 5.024557 T44 nvmet: Created nvm controller 1 for...
CVE-2025-21876
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix suspicious RCU usage Commit "iommu/vt-d: Allocate DMAR fault interrupts locally" moved the call to enabledrhdfaulthandling to a code path that does not hold any lock while traversing the drhd list. Fix it by...
Linux Distros Unpatched Vulnerability : CVE-2024-53042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow There are code paths fr...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nfnetlinkqueue: acquire rcureadlock in instanceDestroyrcu syzbot reported that nfreinject could be called without rcureadlock: WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a 0 Not tainted...
AZL-53900 CVE-2024-53042 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow There are code paths from which the function is called without holding the RCU read lock, resulting in a suspicious RCU usage warning 1. Fix by using...
DEBIAN-CVE-2024-53042
In the Linux kernel, the following vulnerability has been resolved: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelinitflow There are code paths from which the function is called without holding the RCU read lock, resulting in a suspicious RCU usage warning 1. Fix by using...
CVE-2024-53047 mptcp: init: protect sched with rcu_read_lock
In the Linux kernel, the following vulnerability has been resolved: mptcp: init: protect sched with rcureadlock Enabling CONFIGPROVERCULIST with its dependence CONFIGRCUEXPERT creates this splat when an MPTCP socket is created: ============================= WARNING: suspicious RCU usage 6.12.0-rc...
CVE-2024-50304
The CVE-2024-50304 entry concerns the Linux kernel IPv4 ip_tunnel subsystem. A suspicious RCU usage warning in ip_tunnel_find() was addressed by adding a lockdep check to hlist_for_each_entry_rcu(), validating that the RTNL mutex is held. The per-netns IP tunnel hash table is protected by the RTN...
CVE-2024-46830
CVE-2024-46830 affects the Linux kernel KVM for x86. The vulnerability arises when acquiring kvm->srcu while handling KVM_SET_VCPU_EVENTS, because KVM will forcibly leave nested VMX/SVM during SMM toggling and leaving nested VMX can read guest memory. The described fix: grab SRCU unconditional...
CVE-2024-46830 KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm-srcu when handling KVMSETVCPUEVENTS Grab kvm-srcu when processing KVMSETVCPUEVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note,...
CVE-2024-40920
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix suspicious rcu usage in brmstsetstate I converted brmstsetstate to RCU to avoid a vlan use-after-free but forgot to change the vlan group dereference helper. Switch to vlan group RCU deref helper to fix the...
CVE-2024-40920 net: bridge: mst: fix suspicious rcu usage in br_mst_set_state
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix suspicious rcu usage in brmstsetstate I converted brmstsetstate to RCU to avoid a vlan use-after-free but forgot to change the vlan group dereference helper. Switch to vlan group RCU deref helper to fix the...
CVE-2024-40920 net: bridge: mst: fix suspicious rcu usage in br_mst_set_state
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix suspicious rcu usage in brmstsetstate I converted brmstsetstate to RCU to avoid a vlan use-after-free but forgot to change the vlan group dereference helper. Switch to vlan group RCU deref helper to fix the...
CVE-2024-40920
CVE-2024-40920 affects the Linux kernel net: bridge: mst component. Root cause: br_mst_set_state was converted to RCU to avoid a VLAN use-after-free, but the vlan group dereference helper was not updated, triggering suspicious RCU usage. The fix switches to the vlan group RCU deref helper to addr...
CVE-2024-36286 netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: acquire rcureadlock in instancedestroyrcu syzbot reported that nfreinject could be called without rcureadlock : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a 0 Not tainted...
CVE-2024-36286
CVE-2024-36286 (Linux kernel) : Affects netfilter nfnetlink_queue logic where nf_reinject() could be called without proper rcu_read_lock, triggering suspicious RCU usage in instance_destroy_rcu. The Astra Linux security bulletin (connected doc) mirrors the Linux kernel fix and notes the vulnerabi...
CVE-2024-36286 netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: acquire rcureadlock in instancedestroyrcu syzbot reported that nfreinject could be called without rcureadlock : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a 0 Not tainted...
CVE-2024-36979
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage1 in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path br forward delay...