CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47139 – net: hns3: put off calling register_netdev() until client initialize complete
https://notcve.org/view.php?id=CVE-2021-47139
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this case, if user try to change the channel number or ring param, it may cause the hns3_set_rx_cpu_rmap() being called twice, and report bug. [47199.416502] hns3 0000:35:00.0 eth1: set channels: tqp_num=1, rxfh=0 [4719... • https://git.kernel.org/stable/c/08a100689d4baf296d6898c687ea8d005da8d234 •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47138 – cxgb4: avoid accessing registers when clearing filters
https://notcve.org/view.php?id=CVE-2021-47138
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the register can lead to out-of-bound memory access. So, fix by using the saved server TID base when clearing filters. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cxgb4: evita acceder a los re... • https://git.kernel.org/stable/c/b1a79360ee862f8ada4798ad2346fa45bb41b527 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47137 – net: lantiq: fix memory corruption in RX ring
https://notcve.org/view.php?id=CVE-2021-47137
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: lantiq: corrige la corrupción de ... • https://git.kernel.org/stable/c/fe1a56420cf2ec28c8eceef672b87de0bbe1a260 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47136 – net: zero-initialize tc skb extension on allocation
https://notcve.org/view.php?id=CVE-2021-47136
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: zero-initialize tc skb extension on allocation Function skb_ext_add() doesn't initialize created skb extension with any value and leaves it up to the user. However, since extension of type TC_SKB_EXT originally contained only single value tc_skb_ext->chain its users used to just assign the chain value without setting whole extension memory to zero first. This assumption changed when TC_SKB_EXT extension was extended with additional f... • https://git.kernel.org/stable/c/038ebb1a713d114d54dbf14868a73181c0c92758 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26643 – netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
https://notcve.org/view.php?id=CVE-2024-26643
21 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 ("netfilter: nf_tables: use timesta... • https://git.kernel.org/stable/c/bbdb3b65aa91aa0a32b212f27780b28987f2d94f • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26642 – netfilter: nf_tables: disallow anonymous set with timeout flag
https://notcve.org/view.php?id=CVE-2024-26642
21 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: no permitir conjuntos anónimos con indicador de tiempo de espera Los conjuntos anónimos nunca se usan con tiempo de espera del espacio de usuario,... • https://git.kernel.org/stable/c/761da2935d6e18d178582dbdf315a3a458555505 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 2.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52620 – netfilter: nf_tables: disallow timeout for anonymous sets
https://notcve.org/view.php?id=CVE-2023-52620
21 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: no permite el tiempo de espera para conjuntos anónimos Nunca se usa desde el espacio de usuario, no permita estos parámetros. A vulnerability was found in netfilter/nf_tables componets of Linux Kernel allows an userspace to set timeouts for ano... • https://git.kernel.org/stable/c/116b0e8e4673a5faa8a739a19b467010c4d3058c • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26641 – ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
https://notcve.org/view.php?id=CVE-2024-26641
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change skb->head. [1] BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-val... • https://git.kernel.org/stable/c/0d3c703a9d1723c7707e0680019ac8ff5922db42 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26640 – tcp: add sanity checks to rx zerocopy
https://notcve.org/view.php?id=CVE-2024-26640
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page must not be a compound one. - page->mapping must be NULL. This fixes the panic reported by ZhangPeng. syzbot was able to loopback packets built with sendfile(), mapping pages owned by an ext4 file to TCP rx zerocopy. r3 = socket$in... • https://git.kernel.org/stable/c/93ab6cc69162775201587cc9da00d5016dc890e2 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52619 – pstore/ram: Fix crash when setting number of cpus to an odd number
https://notcve.org/view.php?id=CVE-2023-52619
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will become: addr of zone0 = BASE addr of zone1 = BASE + zone_size addr of zone2 = BASE + zone_size*2 ... The address of zone1/3/5/7 will be mapped to non-alignment va. Eventually crashes will occur when accessing these va. S... • https://git.kernel.org/stable/c/8b69c30f4e8b69131d92096cb296dc1f217101e4 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •