6 matches found
CVE-2024-26583
CVE-2024-26583 affects the Linux kernel TLS path. The issue is a race between async crypto notify completion and socket close, where the submitting thread could exit before the crypto handler finishes, risking touching data after it has been freed. The fix routes around this by reducing complex l...
CVE-2021-46912
The CVE-2021-46912 entry describes a Linux kernel vulnerability where tcp_allowed_congestion_control is global and writable, allowing cross-namespace leakage. A fix was applied to make tcp_allowed_congestion_control readonly in non-init netns, addressing the per-net IPv4 congestion control sysctl...
CVE-2021-46931
CVE-2021-46931 involves the Linux kernel mlx5e path (net/mlx5e, mlx5_core) where a TX-timeout-recovery flow calls mlx5e_tx_reporter_dump_sq() with a void* that is actually a mlx5e_tx_timeout_ctx*. The mismatch corrupts stack state and can trigger a kernel panic/stack overflow. The fix adds a wrap...
CVE-2021-46913
CVE-2021-46913 affects the Linux kernel nf_tables/nftables clone set element expressions. The root cause is memcpy() corruption when using a connlimit in set elements, which crashes the connlimit garbage collector during list-walk. The documented fix is to initialize the connlimit expression list...
CVE-2021-46911
CVE-2021-46911 affects the Linux kernel; the issue is a kernel-panic condition caused by how page refcount is handled during ch_ktls transmit. The documented fix modifies the transmit path to take the tx_ctx lock for the complete skb transmit, preventing page cleanup when an ACK is received mid-t...
CVE-2020-25221
CVE-2020-25221 affects Linux kernel 5.7.x and 5.8.x before 5.8.7. The vulnerability arises in get_gate_page() implemented in mm/gup.c, due to incorrect reference counting of the backing struct page for the vsyscall page, causing a refcount underflow. It can be triggered by any 64-bit process that...