CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52658 – Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"
https://notcve.org/view.php?id=CVE-2023-52658
In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b. The revert is required due to the suspicion it is not good for anything and cause crash. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Revertir "net/mlx5: Block entering switchdev mode with ns inconsistency" Esto revierte la confirmación 662404b24a4c4d839839ed25e3097571f5938b9b. La reversión es necesaria debido a la sospecha de que no sirve para nada y provoca un bloqueo. • https://git.kernel.org/stable/c/662404b24a4c4d839839ed25e3097571f5938b9b https://git.kernel.org/stable/c/93260bd809e0ce44fda463ebc590376e24d8cc11 https://git.kernel.org/stable/c/882b988a3897062abed5f935de527797913f5876 https://git.kernel.org/stable/c/3fba8eab2cfc7334e0f132d29dfd2552f2f2a579 https://git.kernel.org/stable/c/1bcdd66d33edb446903132456c948f0b764ef2f9 https://git.kernel.org/stable/c/8deeefb24786ea7950b37bde4516b286c877db00 https://access.redhat.com/security/cve/CVE-2023-52658 https://bugzilla.redhat.com/show_bug.cgi?id=2281149 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27418 – net: mctp: take ownership of skb in mctp_local_output
https://notcve.org/view.php?id=CVE-2024-27418
In the Linux kernel, the following vulnerability has been resolved: net: mctp: take ownership of skb in mctp_local_output Currently, mctp_local_output only takes ownership of skb on success, and we may leak an skb if mctp_local_output fails in specific states; the skb ownership isn't transferred until the actual output routing occurs. Instead, make mctp_local_output free the skb on all error paths up to the route action, so it always consumes the passed skb. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: mctp: toma posesión de skb en mctp_local_output Actualmente, mctp_local_output solo toma propiedad de skb en caso de éxito, y podemos filtrar un fallo skb si mctp_local_output en estados específicos; la propiedad del skb no se transfiere hasta que se produce el enrutamiento de salida real. En su lugar, haga que mctp_local_output libere el skb en todas las rutas de error hasta la acción de ruta, de modo que siempre consuma el skb pasado. • https://git.kernel.org/stable/c/833ef3b91de692ef33b800bca6b1569c39dece74 https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68 https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27417 – ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
https://notcve.org/view.php?id=CVE-2024-27417
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr() returns -EINVAL with an elevated "struct net" refcount. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ipv6: soluciona una posible fuga de "struct net" en inet6_rtm_getaddr() Parece que si el espacio de usuario proporciona un valor IFA_TARGET_NETNSID correcto pero no los atributos IFA_ADDRESS e IFA_LOCAL, inet6_rtm_getaddr() devuelve -EINVAL con un recuento elevado de "estructura neta". • https://git.kernel.org/stable/c/6ecf4c37eb3e89b0832c9616089a5cdca3747da7 https://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132 https://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174 https://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906 https://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a https://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f https://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e https://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c4 •
CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2024-27416 – Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
https://notcve.org/view.php?id=CVE-2024-27416
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST If we received HCI_EV_IO_CAPA_REQUEST while HCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote does support SSP since otherwise this event shouldn't be generated. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: hci_event: Corrige el manejo de HCI_EV_IO_CAPA_REQUEST Si recibimos HCI_EV_IO_CAPA_REQUEST mientras HCI_OP_READ_REMOTE_EXT_FEATURES aún no se ha respondido, supongamos que el control remoto admite SSP ya que, de lo contrario, este evento no debería generarse. • https://git.kernel.org/stable/c/ccb8618c972f941ebc6b2b9db491025b3369efcb https://git.kernel.org/stable/c/1769ac55dbf3114d5bf79f11bd5dca80ee263f9c https://git.kernel.org/stable/c/40a33a129d99639921ce00d274cca44ba282f1ac https://git.kernel.org/stable/c/1ef071526848cc3109ade63268854cd7c20ece0c https://git.kernel.org/stable/c/25e5d2883002e235f3378b8592aad14aeeef898c https://git.kernel.org/stable/c/c7f59461f5a78994613afc112cdd73688aef9076 https://git.kernel.org/stable/c/2c7f9fda663a1b31a61744ffc456bdb89c4efc7f https://git.kernel.org/stable/c/746dbb0fc6392eca23de27f8aa9d13979 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27415 – netfilter: bridge: confirm multicast packets before passing them up the stack
https://notcve.org/view.php?id=CVE-2024-27415
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on bridges. Example: macvlan0 | br0 / \ ethX ethY ethX (or Y) receives a L2 multicast or broadcast packet containing an IP packet, flow is not yet in conntrack table. 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting. -> skb->_nfct now references a unconfirmed entry 2. skb is broad/mcast packet. bridge now passes clones out on each bridge interface. 3. skb gets passed up the stack. 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb and schedules a work queue to send them out on the lower devices. The clone skb->_nfct is not a copy, it is the same entry as the original skb. The macvlan rx handler then returns RX_HANDLER_PASS. 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb. The Macvlan broadcast worker and normal confirm path will race. This race will not happen if step 2 already confirmed a clone. In that case later steps perform skb_clone() with skb->_nfct already confirmed (in hash table). • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 https://git.kernel.org/stable/c/7c3f28599652acf431a2211168de4a583f30b6d5 https://git.kernel.org/stable/c/2b1414d5e94e477edff1d2c79030f1d742625ea0 https://git.kernel.org/stable/c/80cd0487f630b5382734997c3e5e3003a77db315 https://git.kernel.org/stable/c/cb734975b0ffa688ff6cc0eed463865bf07b6c01 https://git.kernel.org/stable/c/62e7151ae3eb465e0ab52a20c941ff33bb6332e9 https://access.redhat.com/security/cve/CVE-2024-27415 https://bugzilla.redhat.com/show_bug.cgi?id=2281101 •