CVE-2024-27018 – netfilter: br_netfilter: skip conntrack input hook for promisc packets
https://notcve.org/view.php?id=CVE-2024-27018
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets. For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path. This patch adds a workaround to reset conntrack for these packets. Jianbo Liu reports warning splats in their test infrastructure where cloned packets reach the br_netfilter input hook to confirm the conntrack object. Scratch one bit from BR... • https://git.kernel.org/stable/c/7c3f28599652acf431a2211168de4a583f30b6d5
CVE-2024-27017 – netfilter: nft_set_pipapo: walk over current view on netlink dump
https://notcve.org/view.php?id=CVE-2024-27017
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump. The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the data structure is to be used. Add notation to specify if user wants to read/update the set. Based on patch from Florian Westphal. • https://git.kernel.org/stable/c/2a90da8e0dd50f42e577988f4219f4f4cd3616b7
CVE-2024-27016 – netfilter: flowtable: validate pppoe header
https://notcve.org/view.php?id=CVE-2024-27016
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header. Ensure there is sufficient room to access the protocol field of the PPPoE header. Validate it once before the flowtable lookup, then use a helper function to access protocol field. • https://git.kernel.org/stable/c/72efd585f7144a047f7da63864284764596ccad9
CVE-2024-27015 – netfilter: flowtable: incorrect pppoe tuple
https://notcve.org/view.php?id=CVE-2024-27015
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple. pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow table lookup, so pppoe packets enter the classical forwarding path. • https://git.kernel.org/stable/c/72efd585f7144a047f7da63864284764596ccad9
CVE-2024-27014 – net/mlx5e: Prevent deadlock while disabling aRFS
https://notcve.org/view.php?id=CVE-2024-27014
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS. When disabling aRFS under the `priv->state_lock`, any scheduled aRFS works are canceled using the `cancel_work_sync` function, which waits for the work to end if it has already started. However, while waiting for the work handler, the handler will try to acquire the `state_lock` which is already acquired. The worker acquires the lock to delete the rules if the state is down, which is not the ... • https://git.kernel.org/stable/c/45bf454ae88414e80b80979ebb2c22bd66ea7d1b • CWE-667: Improper Locking
CVE-2024-27013 – tun: limit printing rate when illegal packet received by tun dev
https://notcve.org/view.php?id=CVE-2024-27013
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev. vhost_worker will call tun callbacks to receive packets. If too many illegal packets arrive, tun_do_read will keep dumping packet contents. When console is enabled, it will cost much more cpu time to dump packet and soft lockup will be detected. net_ratelimit mechanism can be used to limit the dumping rate. PID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: "vhost-32980" #0... • https://git.kernel.org/stable/c/ef3db4a5954281bc1ea49a4739c88eaea091dc71 • CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2024-27012 – netfilter: nf_tables: restore set elements when delete set fails
https://notcve.org/view.php?id=CVE-2024-27012
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails. From abort path, nft_mapelem_activate() needs to restore refcounters to the original state. Currently, it uses the set->ops->walk() to iterate over these set elements. The existing set iterator skips inactive elements in the next generation, this does not work from the abort path to restore the original state since it has to skip active elements instead (not inactive ones). Th... • https://git.kernel.org/stable/c/628bd3e49cba1c066228e23d71a852c23e26da73 • CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2024-27011 – netfilter: nf_tables: fix memleak in map from abort path
https://notcve.org/view.php?id=CVE-2024-27011
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak in map from abort path. The delete set command does not rely on the transaction object for element removal, therefore, a combination of delete element + delete set from the abort path could result in restoring twice the refcount of the mapping. Check for inactive element in the next generation for the delete element command in the abort path, skip restoring state if next generation bit has been already clear... • https://git.kernel.org/stable/c/591054469b3eef34bc097c30fae8ededddf8d796
CVE-2024-27010 – net/sched: Fix mirred deadlock on device recursion
https://notcve.org/view.php?id=CVE-2024-27010
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion. When the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to self we hit a qdisc lock deadlock. See trace below. [..... other info removed for brevity....] [ 82.890906] [ 82.890906] ============================================ [ 82.890906] WARNING: possible recursive locking detected [ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W [ 82.8... • https://git.kernel.org/stable/c/e578d9c02587d57bfa7b560767c698a668a468c6
CVE-2024-27009 – s390/cio: fix race condition during online processing
https://notcve.org/view.php?id=CVE-2024-27009
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing. A race condition exists in ccw_device_set_online() that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts to set that device online fail with return code ENODEV. The problem occurs when a path verification request arrives after a wait for final device state completed, but before the result state is evaluated. Fix ... • https://git.kernel.org/stable/c/2297791c92d04a154ad29ba5a073f9f627982110