CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52655 – usb: aqc111: check packet for fixup for true limit
https://notcve.org/view.php?id=CVE-2023-52655
In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: check packet for fixup for true limit If a device sends a packet that is inbetween 0 and sizeof(u64) the value passed to skb_trim() as length will wrap around ending up as some very large value. The driver will then proceed to parse the header located at that position, which will either oops or process some random value. The fix is to check against sizeof(u64) rather than 0, which the driver currently does. The issue exists since the introduction of the driver. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: usb: aqc111: verifique el paquete para corregir el límite verdadero Si un dispositivo envía un paquete que está entre 0 y sizeof(u64), el valor pasado a skb_trim() como longitud se ajustará terminando como un valor muy grande. Luego, el controlador procederá a analizar el encabezado ubicado en esa posición, lo que procesará algún valor aleatorio. La solución es compararlo con sizeof(u64) en lugar de 0, como hace actualmente el controlador. • https://git.kernel.org/stable/c/84f2e5b3e70f08fce3cb1ff73414631c5e490204 https://git.kernel.org/stable/c/d69581c17608d81824dd497d9a54b6a5b6139975 https://git.kernel.org/stable/c/46412b2fb1f9cc895d6d4036bf24f640b5d86dab https://git.kernel.org/stable/c/82c386d73689a45d5ee8c1290827bce64056dddd https://git.kernel.org/stable/c/2ebf775f0541ae0d474836fa0cf3220e502f8e3e https://git.kernel.org/stable/c/ccab434e674ca95d483788b1895a70c21b7f016a •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27397 – netfilter: nf_tables: use timestamp to check for set element timeout
https://notcve.org/view.php?id=CVE-2024-27397
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to use the timestamp, this avoids that an element expires while control plane transaction is still unfinished. .lookup and .update, which are used from packet path, still use the current time to check if the element has expired. And .get path and dump also since this runs lockless under rcu read size lock. Then, there is async gc which also needs to check the current time since it runs asynchronously from a workqueue. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: use la marca de tiempo para verificar el tiempo de espera del elemento establecido. Agregue un campo de marca de tiempo al comienzo de la transacción y guárdelo en el área nftables per-netns. • https://git.kernel.org/stable/c/c3e1b005ed1cc068fc9d454a6e745830d55d251d https://git.kernel.org/stable/c/f8dfda798650241c1692058713ca4fef8e429061 https://git.kernel.org/stable/c/eaf1a29ea5d7dba8e84e9e9f3b3f47d0cd540bfe https://git.kernel.org/stable/c/7b17de2a71e56c10335b565cc7ad238e6d984379 https://git.kernel.org/stable/c/0d40e8cb1d1f56a994cdd2e015af622fdca9ed4d https://git.kernel.org/stable/c/b45176b869673417ace338b87cf9cdb66e2eeb01 https://git.kernel.org/stable/c/383182db8d58c4237772ba0764cded4938a235c3 https://git.kernel.org/stable/c/7395dfacfff65e9938ac0889dafa1ab01 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27396 – net: gtp: Fix Use-After-Free in gtp_dellink
https://notcve.org/view.php?id=CVE-2024-27396
In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: gtp: corrige Use-After-Free en gtp_dellink Dado que call_rcu, que se llama en el recorrido hlist_for_each_entry_rcu de gtp_dellink, no forma parte de la sección crítica de lectura de RCU, es posible que el período de gracia de RCU pasará durante el recorrido y la clave quedará libre. Para evitar esto, se debe cambiar a hlist_for_each_entry_safe. • https://git.kernel.org/stable/c/043a283d24f40fea4c8a8d06b0e2694c8e372200 https://git.kernel.org/stable/c/c185e1d6e2752a4b656c3ca878c525fa11f55757 https://git.kernel.org/stable/c/94dc550a5062030569d4aa76e10e50c8fc001930 https://git.kernel.org/stable/c/a29c4303930bc0c25ae6a4f365dcdef71447b4ea https://git.kernel.org/stable/c/07b20d0a3dc13fb1adff10b60021a4924498da58 https://git.kernel.org/stable/c/718df1bc226c383dd803397d7f5d95557eb81ac7 https://git.kernel.org/stable/c/0caff3e6390f840666b8dc1ecebf985c2ef3f1dd https://git.kernel.org/stable/c/2e74b3fd6bf542349758f283676dff366 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27395 – net: openvswitch: Fix Use-After-Free in ovs_ct_exit
https://notcve.org/view.php?id=CVE-2024-27395
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: openvswitch: Fix Use-After-Free en ovs_ct_exit Dado que kfree_rcu, que se llama en el recorrido hlist_for_each_entry_rcu de ovs_ct_limit_exit, no forma parte de la sección crítica de lectura de RCU, es posible que el período de gracia de RCU pasará durante el recorrido y la clave quedará libre. Para evitar esto, se debe cambiar a hlist_for_each_entry_safe. • https://git.kernel.org/stable/c/11efd5cb04a184eea4f57b68ea63dddd463158d1 https://git.kernel.org/stable/c/2db9a8c0a01fa1c762c1e61a13c212c492752994 https://git.kernel.org/stable/c/589523cf0b384164e445dd5db8d5b1bf97982424 https://git.kernel.org/stable/c/35880c3fa6f8fe281a19975d2992644588ca33d3 https://git.kernel.org/stable/c/9048616553c65e750d43846f225843ed745ec0d4 https://git.kernel.org/stable/c/bca6fa2d9a9f560e6b89fd5190b05cc2f5d422c1 https://git.kernel.org/stable/c/eaa5e164a2110d2fb9e16c8a29e4501882235137 https://git.kernel.org/stable/c/edee0758747d7c219e29db9ed1d4eb33e •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27393 – xen-netfront: Add missing skb_mark_for_recycle
https://notcve.org/view.php?id=CVE-2024-27393
In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed that fixes tag were missing a call to page_pool_release_page() between v5.9 to v5.14, after which is should have used skb_mark_for_recycle(). Since v6.6 the call page_pool_release_page() were removed (in commit 535b9c61bdef ("net: page_pool: hide page_pool_release_page()") and remaining callers converted (in commit 6bfef2ec0172 ("Merge branch 'net-page_pool-remove-page_pool_release_page'")). This leak became visible in v6.8 via commit dba1b8a7ab68 ("mm/page_pool: catch page_pool memory leaks"). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: xen-netfront: agrega skb_mark_for_recycle faltante. Tenga en cuenta que skb_mark_for_recycle() se introduce más tarde que la etiqueta de corrección en el commit 6a5bcd84e886 ("page_pool: permitir que los controladores indiquen el reciclaje de SKB"). Se cree que a la etiqueta de correcciones le faltaba una llamada a page_pool_release_page() entre v5.9 y v5.14, después de lo cual debería haber usado skb_mark_for_recycle(). Desde v6.6, la llamada page_pool_release_page() se eliminó (en el commit 535b9c61bdef ("net: page_pool: hide page_pool_release_page()") y las personas que llaman restantes se convirtieron (en el commit 6bfef2ec0172 ("Merge Branch 'net-page_pool-remove-page_pool_release_page'") ). • https://git.kernel.org/stable/c/6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c https://git.kernel.org/stable/c/4143b9479caa29bb2380f3620dcbe16ea84eb3b1 https://git.kernel.org/stable/c/7c1250796b6c262b505a46192f4716b8c6a6a8c6 https://git.kernel.org/stable/c/27aa3e4b3088426b7e34584274ad45b5afaf7629 https://git.kernel.org/stable/c/c8b7b2f158d9d4fb89cd2f68244af154f7549bb4 https://git.kernel.org/stable/c/037965402a010898d34f4e35327d22c0a95cd51f http://www.openwall.com/lists/oss-security/2024/05/08/4 http://xenbits.xen.org/xsa/advisory-457.html https:& •