deb package
ubuntu/linux-oem-6.5
pkg:deb/ubuntu/linux-oem-6.5
Vulnerabilities (122)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52614 | Hig | 7.8 | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exc | |
| CVE-2024-26641 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this cal | ||
| CVE-2024-26640 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page mu | ||
| CVE-2023-52619 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will becom | ||
| CVE-2023-52618 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow Since "dev_search_path" can technically be as large as PATH_MAX, there was a risk of truncation when copying it and a second string into "full_path" since it w | ||
| CVE-2023-52617 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fix stdev_release() crash after surprise hot remove A PCI device hot removal may occur while stdev->cdev is held open. The call to stdev_release() then happens during close or exit, at a point w | ||
| CVE-2024-26638 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg->msg_get_inq value can be uninitialized [1] struct msghdr got many new fields recently, we should always make sure their values is zero | ||
| CVE-2024-26636 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Lik | ||
| CVE-2024-26635 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2. syzbot reported an uninit-value bug below. [0] llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2 (0x0011), and syzbot abused the latter to trigger the b | ||
| CVE-2024-26634 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: fix removing a namespace with conflicting altnames Mark reports a BUG() when a net namespace is removed. kernel BUG at net/core/dev.c:11520! Physical interfaces moved outside of init_net get "refunde | ||
| CVE-2023-52616 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was releas | ||
| CVE-2023-52615 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: hwrng: core - Fix page fault dead lock on mmap-ed hwrng There is a dead-lock in the hwrng device read path. This triggers when the user reads from /dev/hwrng into memory also mmap-ed from /dev/hwrng. The resu | ||
| CVE-2024-26633 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->hea | ||
| CVE-2024-26632 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: block: Fix iterating over an empty bio with bio_for_each_folio_all If the bio contains no data, bio_first_folio() calls page_folio() on a NULL pointer and oopses. Move the test that we've reached the end of th | ||
| CVE-2024-26631 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work idev->mc_ifc_count can be written over without proper locking. Originally found by syzbot [1], fix this issue by encapsulating calls to mld_ifc_stop_wo | ||
| CVE-2023-52612 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: scomp - fix req->dst buffer overflow The req->dst buffer size should be checked before copying from the scomp_scratch->dst to avoid req->dst buffer overflow problem. | ||
| CVE-2023-52611 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host max_req_size in the RX path Lukas reports skb_over_panic errors on his Banana Pi BPI-CM4 which comes with an Amlogic A311D (G12B) SoC and a RTL8822CS SDIO wifi/Bluetooth combo | ||
| CVE-2023-52610 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, the last frag's reference is reset in: inet_frag_reasm_prepare skb_morph w | ||
| CVE-2023-52609 | — | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: binder: fix race between mmput() and do_exit() Task A calls binder_update_page_range() to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmget_not_zero( | ||
| CVE-2024-26629 | Med | 5.5 | < 6.5.0-1022.23 | 6.5.0-1022.23 | Mar 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kd |
- affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exc
- CVE-2024-26641Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this cal
- CVE-2024-26640Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page mu
- CVE-2023-52619Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will becom
- CVE-2023-52618Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow Since "dev_search_path" can technically be as large as PATH_MAX, there was a risk of truncation when copying it and a second string into "full_path" since it w
- CVE-2023-52617Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fix stdev_release() crash after surprise hot remove A PCI device hot removal may occur while stdev->cdev is held open. The call to stdev_release() then happens during close or exit, at a point w
- CVE-2024-26638Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg->msg_get_inq value can be uninitialized [1] struct msghdr got many new fields recently, we should always make sure their values is zero
- CVE-2024-26636Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Lik
- CVE-2024-26635Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2. syzbot reported an uninit-value bug below. [0] llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2 (0x0011), and syzbot abused the latter to trigger the b
- CVE-2024-26634Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: net: fix removing a namespace with conflicting altnames Mark reports a BUG() when a net namespace is removed. kernel BUG at net/core/dev.c:11520! Physical interfaces moved outside of init_net get "refunde
- CVE-2023-52616Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was releas
- CVE-2023-52615Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: hwrng: core - Fix page fault dead lock on mmap-ed hwrng There is a dead-lock in the hwrng device read path. This triggers when the user reads from /dev/hwrng into memory also mmap-ed from /dev/hwrng. The resu
- CVE-2024-26633Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->hea
- CVE-2024-26632Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: block: Fix iterating over an empty bio with bio_for_each_folio_all If the bio contains no data, bio_first_folio() calls page_folio() on a NULL pointer and oopses. Move the test that we've reached the end of th
- CVE-2024-26631Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work idev->mc_ifc_count can be written over without proper locking. Originally found by syzbot [1], fix this issue by encapsulating calls to mld_ifc_stop_wo
- CVE-2023-52612Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: crypto: scomp - fix req->dst buffer overflow The req->dst buffer size should be checked before copying from the scomp_scratch->dst to avoid req->dst buffer overflow problem.
- CVE-2023-52611Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: sdio: Honor the host max_req_size in the RX path Lukas reports skb_over_panic errors on his Banana Pi BPI-CM4 which comes with an Amlogic A311D (G12B) SoC and a RTL8822CS SDIO wifi/Bluetooth combo
- CVE-2023-52610Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, the last frag's reference is reset in: inet_frag_reasm_prepare skb_morph w
- CVE-2023-52609Mar 18, 2024affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: binder: fix race between mmput() and do_exit() Task A calls binder_update_page_range() to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmget_not_zero(
- affected < 6.5.0-1022.23fixed 6.5.0-1022.23
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kd
Page 2 of 7