Page 195 of 2682 results (0.017 seconds)

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid WARN_ON timing related checks The soft/batadv interface for a queued OGM can be changed during the time the OGM was queued for transmission and when the OGM is actually transmitted by the worker. But WARN_ON must be used to denote kernel bugs and not to print simple warnings. A warning can simply be printed using pr_warn. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: batman-adv: Evite comprobaciones relacionadas con el tiempo WARN_ON. La interfaz soft/batadv para un MDS en cola se puede cambiar durante el tiempo que el MDS estuvo en cola para transmisión y cuando el MDS realmente se transmite por el trabajador. Pero WARN_ON debe usarse para indicar errores del kernel y no para imprimir simples advertencias. • https://git.kernel.org/stable/c/ef0a937f7a1450d3a133ccd83c9c7d07587e7a00 https://git.kernel.org/stable/c/45011f2973f6b52cf50db397bb27bf805f5f0e7f https://git.kernel.org/stable/c/6031daaaf6d5c359c99dfffa102e332df234ff09 https://git.kernel.org/stable/c/77a99aad5bc3ea105806ebae6be3cbadc2fc615e https://git.kernel.org/stable/c/e8e9d2968a9d08bf5c683afca182f1537edebf8d https://git.kernel.org/stable/c/e7fbd8184fa9e85f0d648c499841cb7ff6dec9f4 https://git.kernel.org/stable/c/282baa8104af44e04c4af3e7f933b44267c7f86f https://git.kernel.org/stable/c/2eb4e0b3631832a4291c8bf4c9db873f6 •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in netlbl_cipsov4_add_std Reported by syzkaller: BUG: memory leak unreferenced object 0xffff888105df7000 (size 64): comm "syz-executor842", pid 360, jiffies 4294824824 (age 22.546s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000e67ed558>] kmalloc include/linux/slab.h:590 [inline] [<00000000e67ed558>] kzalloc include/linux/slab.h:720 [inline] [<00000000e67ed558>] netlbl_cipsov4_add_std net/netlabel/netlabel_cipso_v4.c:145 [inline] [<00000000e67ed558>] netlbl_cipsov4_add+0x390/0x2340 net/netlabel/netlabel_cipso_v4.c:416 [<0000000006040154>] genl_family_rcv_msg_doit.isra.0+0x20e/0x320 net/netlink/genetlink.c:739 [<00000000204d7a1c>] genl_family_rcv_msg net/netlink/genetlink.c:783 [inline] [<00000000204d7a1c>] genl_rcv_msg+0x2bf/0x4f0 net/netlink/genetlink.c:800 [<00000000c0d6a995>] netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504 [<00000000d78b9d2c>] genl_rcv+0x24/0x40 net/netlink/genetlink.c:811 [<000000009733081b>] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline] [<000000009733081b>] netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1340 [<00000000d5fd43b8>] netlink_sendmsg+0x789/0xc70 net/netlink/af_netlink.c:1929 [<000000000a2d1e40>] sock_sendmsg_nosec net/socket.c:654 [inline] [<000000000a2d1e40>] sock_sendmsg+0x139/0x170 net/socket.c:674 [<00000000321d1969>] ____sys_sendmsg+0x658/0x7d0 net/socket.c:2350 [<00000000964e16bc>] ___sys_sendmsg+0xf8/0x170 net/socket.c:2404 [<000000001615e288>] __sys_sendmsg+0xd3/0x190 net/socket.c:2433 [<000000004ee8b6a5>] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:47 [<00000000171c7cee>] entry_SYSCALL_64_after_hwframe+0x44/0xae The memory of doi_def->map.std pointing is allocated in netlbl_cipsov4_add_std, but no place has freed it. It should be freed in cipso_v4_doi_free which frees the cipso DOI resource. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ipv4: corrige la pérdida de memoria en netlbl_cipsov4_add_std. Reportado por syzkaller: BUG: pérdida de memoria objeto sin referencia 0xffff888105df7000 (tamaño 64): comm "syz-executor842", pid 360, jiffies 4294824824 ( edad 22,546 s) volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [&lt;00000000e67ed558&gt;] kmalloc include/linux/slab.h:590 [en línea] [&lt;00000000e67ed558&gt; ] kzalloc include/linux/slab.h:720 [en línea] [&lt;00000000e67ed558&gt;] netlbl_cipsov4_add_std net/netlabel/netlabel_cipso_v4.c:145 [en línea] [&lt;00000000e67ed558&gt;] netlbl_cipsov4_add+0x390/0x234 0 net/netlabel/netlabel_cipso_v4.c: 416 [&lt;0000000006040154&gt;] genl_family_rcv_msg_doit.isra.0+0x20e/0x320 net/netlink/genetlink.c:739 [&lt;00000000204d7a1c&gt;] genl_family_rcv_msg net/netlink/genetlink.c:783 [en línea] 00000204d7a1c&gt;] genl_rcv_msg+0x2bf /0x4f0 net/netlink/genetlink.c:800 [&lt;00000000c0d6a995&gt;] netlink_rcv_skb+0x134/0x3d0 net/netlink/af_netlink.c:2504 [&lt;00000000d78b9d2c&gt;] genl_rcv+0x24/0x40 11 [ &lt;000000009733081b&gt;] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [en línea] [&lt;000000009733081b&gt;] netlink_unicast+0x4a0/0x6a0 net/netlink/af_netlink.c:1340 [&lt;00000000d5fd43b8&gt;] enviar mensaje+0x789/0xc70 net/netlink/ af_netlink.c:1929 [&lt;000000000a2d1e40&gt;] sock_sendmsg_nosec net/socket.c:654 [en línea] [&lt;000000000a2d1e40&gt;] sock_sendmsg+0x139/0x170 net/socket.c:674 [&lt;00000000321d19 69&gt;] ____sys_sendmsg+0x658/0x7d0 neto/ socket.c:2350 [&lt;00000000964e16bc&gt;] ___sys_sendmsg+0xf8/0x170 net/socket.c:2404 [&lt;000000001615e288&gt;] __sys_sendmsg+0xd3/0x190 net/socket.c:2433 4ee8b6a5&gt;] do_syscall_64+0x37/0x90 arco /x86/entry/common.c:47 [&lt;00000000171c7cee&gt;] Entry_SYSCALL_64_after_hwframe+0x44/0xae La memoria de apuntamiento doi_def-&gt;map.std está asignada en netlbl_cipsov4_add_std, pero no se ha liberado ningún lugar. Debe liberarse en cipso_v4_doi_free, lo que libera el recurso cipso DOI. • https://git.kernel.org/stable/c/96cb8e3313c7a12e026c1ed510522ae6f6023875 https://git.kernel.org/stable/c/212166510582631994be4f4b3fe15e10a03c1dd4 https://git.kernel.org/stable/c/086e92b1d68c6338535f715aad173f8cf4bfbc8c https://git.kernel.org/stable/c/6dcea66d3bb519b426282588f38e884e07893c1f https://git.kernel.org/stable/c/5340858147e3dc60913fb3dd0cbb758ec4a26e66 https://git.kernel.org/stable/c/398a24447eb60f060c8994221cb5ae6caf355fa1 https://git.kernel.org/stable/c/deeeb65c6ee404f2d1fb80b38b2730645c0f4663 https://git.kernel.org/stable/c/0ffb460be3abac86f884a8c548bb02724 •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: net: rds: fix memory leak in rds_recvmsg Syzbot reported memory leak in rds. The problem was in unputted refcount in case of error. int rds_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, int msg_flags) { ... if (!rds_next_incoming(rs, &inc)) { ... } After this "if" inc refcount incremented and if (rds_cmsg_recv(inc, msg, rs)) { ret = -EFAULT; goto out; } ... out: return ret; } in case of rds_cmsg_recv() fail the refcount won't be decremented. And it's easy to see from ftrace log, that rds_inc_addref() don't have rds_inc_put() pair in rds_recvmsg() after rds_cmsg_recv() 1) | rds_recvmsg() { 1) 3.721 us | rds_inc_addref(); 1) 3.853 us | rds_message_inc_copy_to_user(); 1) + 10.395 us | rds_cmsg_recv(); 1) + 34.260 us | } En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: net:rds: corrige pérdida de memoria en rds_recvmsg. Syzbot informó pérdida de memoria en rds. • https://git.kernel.org/stable/c/bdbe6fbc6a2f2ccfb384b141b257677d2a8d36fb https://git.kernel.org/stable/c/8c3ec88b03e9e4ca117dcdc4204fd3edcd02084f https://git.kernel.org/stable/c/423c6939758fb3b9cf5abbd1e7792068a5c4ae8c https://git.kernel.org/stable/c/1f79bc8ae81c05eb112a53f981cb2c244ee50d02 https://git.kernel.org/stable/c/06b7cb0194bd1ede0dd27f3a946e7c0279fba44a https://git.kernel.org/stable/c/2038cd15eacdf7512755c27686822e0052eb9042 https://git.kernel.org/stable/c/5946fbf48355f5a8caeff72580c7658da5966b86 https://git.kernel.org/stable/c/b25b60d076164edb3025e85aabd2cf50a •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy (synproxy_parse_options) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if the opcode is neither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the length of 1. This fix is inspired by commit 9609dad263f8 ("ipv4: tcp_input: fix stack out of bounds when parsing TCP options."). v2 changes: Added an early return when length < 0 to avoid calling skb_header_pointer with negative length. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: synproxy: corrección de límites al analizar opciones TCP. El analizador de opciones TCP en synproxy (synproxy_parse_options) podría leer un byte fuera de los límites. Cuando la longitud es 1, el flujo de ejecución entra en el bucle, lee un byte del código de operación y, si el código de operación no es TCPOPT_EOL ni TCPOPT_NOP, lee un byte más, que excede la longitud de 1. • https://git.kernel.org/stable/c/48b1de4c110a7afa4b85862f6c75af817db26fad https://git.kernel.org/stable/c/e1eb98cfeafdd85537e7e3cefe93ca9bfbcc3ea8 https://git.kernel.org/stable/c/576c1526b4d83c44ad7b673cb841f36cbc6cb6c4 https://git.kernel.org/stable/c/674b5f0c6a4fc5d3abce877048290cea6091fcb1 https://git.kernel.org/stable/c/7d9a9a1a88a3da574e019b4de756bc73337b3b0b https://git.kernel.org/stable/c/6defc77d48eff74075b80ad5925061b2fc010d98 https://git.kernel.org/stable/c/9cdf299ba4e153b5e56187648420de22c6216f02 https://git.kernel.org/stable/c/f648089337cb8ed40b2bb96e244f72b9d •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix memory leak in ip_mc_add1_src BUG: memory leak unreferenced object 0xffff888101bc4c00 (size 32): comm "syz-executor527", pid 360, jiffies 4294807421 (age 19.329s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 01 00 00 00 00 00 00 00 ac 14 14 bb 00 00 02 00 ................ backtrace: [<00000000f17c5244>] kmalloc include/linux/slab.h:558 [inline] [<00000000f17c5244>] kzalloc include/linux/slab.h:688 [inline] [<00000000f17c5244>] ip_mc_add1_src net/ipv4/igmp.c:1971 [inline] [<00000000f17c5244>] ip_mc_add_src+0x95f/0xdb0 net/ipv4/igmp.c:2095 [<000000001cb99709>] ip_mc_source+0x84c/0xea0 net/ipv4/igmp.c:2416 [<0000000052cf19ed>] do_ip_setsockopt net/ipv4/ip_sockglue.c:1294 [inline] [<0000000052cf19ed>] ip_setsockopt+0x114b/0x30c0 net/ipv4/ip_sockglue.c:1423 [<00000000477edfbc>] raw_setsockopt+0x13d/0x170 net/ipv4/raw.c:857 [<00000000e75ca9bb>] __sys_setsockopt+0x158/0x270 net/socket.c:2117 [<00000000bdb993a8>] __do_sys_setsockopt net/socket.c:2128 [inline] [<00000000bdb993a8>] __se_sys_setsockopt net/socket.c:2125 [inline] [<00000000bdb993a8>] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2125 [<000000006a1ffdbd>] do_syscall_64+0x40/0x80 arch/x86/entry/common.c:47 [<00000000b11467c4>] entry_SYSCALL_64_after_hwframe+0x44/0xae In commit 24803f38a5c0 ("igmp: do not remove igmp souce list info when set link down"), the ip_mc_clear_src() in ip_mc_destroy_dev() was removed, because it was also called in igmpv3_clear_delrec(). Rough callgraph: inetdev_destroy -> ip_mc_destroy_dev -> igmpv3_clear_delrec -> ip_mc_clear_src -> RCU_INIT_POINTER(dev->ip_ptr, NULL) However, ip_mc_clear_src() called in igmpv3_clear_delrec() doesn't release in_dev->mc_list->sources. And RCU_INIT_POINTER() assigns the NULL to dev->ip_ptr. As a result, in_dev cannot be obtained through inetdev_by_index() and then in_dev->mc_list->sources cannot be released by ip_mc_del1_src() in the sock_close. Rough call sequence goes like: sock_close -> __sock_release -> inet_release -> ip_mc_drop_socket -> inetdev_by_index -> ip_mc_leave_src -> ip_mc_del_src -> ip_mc_del1_src So we still need to call ip_mc_clear_src() in ip_mc_destroy_dev() to free in_dev->mc_list->sources. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ipv4: corrige la pérdida de memoria en ip_mc_add1_src. • https://git.kernel.org/stable/c/24803f38a5c0b6c57ed800b47e695f9ce474bc3a https://git.kernel.org/stable/c/bd1b664a19403ede448d29c87b2f23796bc7a577 https://git.kernel.org/stable/c/b38c6e0bd5b5e439ecebdc0df599d573c2f610f8 https://git.kernel.org/stable/c/0dc13e75507faa17ac9f7562b4ef7bf8fcd78422 https://git.kernel.org/stable/c/6cff57eea3347f79f1867cc53e1093b6614138d8 https://git.kernel.org/stable/c/1e28018b5c83d5073f74a6fb72eabe8370b2f501 https://git.kernel.org/stable/c/3dd2aeac2e9624cff9fa634710837e4f2e352758 https://git.kernel.org/stable/c/ac31cc837cafb57a271babad8ccffbf73 • CWE-400: Uncontrolled Resource Consumption •