CVE-2024-53118 vsock: Fix sk_error_queue memory leak

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix skerrorqueue memory leak Kernel queues MSGZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recved. To prevent memory leaks, clean up the queue when the socket is destroyed...

CVE-2024-47715

Summary: CVE-2024-47715 affects the Linux kernel’s wifi mt76 driver for MT7915 on MT7986. The issue stemmed from mt7915_band_config() setting band_idx to 1 on the main phy for MT7986 with MT7975_ONE_ADIE or MT7976_ONE_ADIE, which caused a dereference of the phys array via wcid->phy_idx in mt76...

CVE-2024-42272 sched: act_ct: take care of padding in struct zones_ht_key

In the Linux kernel, the following vulnerability has been resolved: sched: actct: take care of padding in struct zoneshtkey Blamed commit increased lookup key size from 2 bytes to 16 bytes, because zoneshtkey got a struct net pointer. Make sure rhashtablelookup is not using the padding bytes whic...

CVE-2022-48652 ice: Fix crash by keep old cfg when update TCs more than queues

In the Linux kernel, the following vulnerability has been resolved: ice: Fix crash by keep old cfg when update TCs more than queues There are problems if allocated queues less than Traffic Classes. Commit a632b2a4c920 "ice: ethtool: Prohibit improper channel config for DCB" already disallow setti...

CVE-2024-26815 net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCATAPRIOTCENTRYINDEX check taprioparsetcentry is not correctly checking TCATAPRIOTCENTRYINDEX attribute: int tc; // Signed value tc = nlagetu32tbTCATAPRIOTCENTRYINDEX; if tc = TCQOPTMAXQUEUE...

CVE-2024-26663 tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()

In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before calling tipcudpnlbeareradd syzbot reported the following general protection fault 1: general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 1 PREEMPT SMP KASAN...

CVE-2024-26663 tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()

In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before calling tipcudpnlbeareradd syzbot reported the following general protection fault 1: general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 1 PREEMPT SMP KASAN...

CVE-2024-26663

In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before calling tipcudpnlbeareradd syzbot reported the following general protection fault 1: general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 1 PREEMPT SMP KASAN...

CVE-2011-4594

The CVE-2011-4594 entry documents a local kernel vulnerability in the Linux kernel (__sys_sendmsg in net/socket.c) where crafted usage of sendmmsg can trigger an incorrect pointer dereference and crash the system. It affects kernel versions before 3.1, with the described impact being a denial of ...