SUSE CVE-2023-53344

In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcmtxsetup: fix KMSAN uninit-value in vfswrite Syzkaller reported the following issue: ===================================================== BUG: KMSAN: uninit-value in aiorwdone fs/aio.c:1520 inline BUG: KMSAN:...

CVE-2023-53344

In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcmtxsetup: fix KMSAN uninit-value in vfswrite Syzkaller reported the following issue: ===================================================== BUG: KMSAN: uninit-value in aiorwdone fs/aio.c:1520 inline BUG: KMSAN:...

CVE-2021-47370 mptcp: ensure tx skbs always have the MPTCP ext

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure tx skbs always have the MPTCP ext Due to signed/unsigned comparison, the expression: info-sizegoal - skb-len 0 evaluates to true when the size goal is smaller than the skb size. That results in lack of tx cache...

CVE-2024-35929 rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()

In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix WARNONONCE in the rcunocbbypasslock For the kernels built with CONFIGRCUNOCBCPUDEFAULTALL=y and CONFIGRCULAZY=y, the following scenarios will trigger WARNONONCE in the rcunocbbypasslock and rcunocbwaitcontended...

CVE-2024-35929 rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()

In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix WARNONONCE in the rcunocbbypasslock For the kernels built with CONFIGRCUNOCBCPUDEFAULTALL=y and CONFIGRCULAZY=y, the following scenarios will trigger WARNONONCE in the rcunocbbypasslock and rcunocbwaitcontended...

CVE-2022-48689

In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report 1 showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or other layers, using...

CVE-2021-47219

In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Fix out-of-bound read in respreporttgtpgs The following issue was observed running syzkaller: BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 inline BUG: KASAN: slab-out-of-bounds in...

CVE-2021-47219

CVE-2021-47219 involves the Linux kernel SCSI subsystem, specifically the scsi_debug path, where an out-of-bounds read occurs in resp_report_tgtpgs() due to an incorrect handling of lengths. The issue can manifest as a negative alen when userspace supplies a large length, enabling a slab/read bou...

CVE-2021-47202 thermal: Fix NULL pointer dereferences in of_thermal_ functions

In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in ofthermal functions ofparsethermalzones parses the thermal-zones node and registers a thermalzone device for each subnode. However, if a thermal zone is consuming a thermal sensor and tha...

CVE-2024-26641 ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could access unitiliazed data 1. Call pskbinetmaypull to fix this, and initialize ipv6h variable after this call as it can change skb-head. 1 BUG: KMSA...

Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API Exploit

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2 In issue 1260 I discussed Microsoft's "apicall" instruction that can invoke a large number of internal emulator apis and is exposed to remote attackers by default in al...

Microsoft MsMpEng - mpengine x86 Emulator Heap Corruption in VFS API

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2 In issue 1260 I discussed Microsoft's "apicall" instruction that can invoke a large number of internal emulator apis and is exposed to remote attackers by default in all recent versions of Windows. I asked Microsoft if...