Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-4269: [PATCH net] net/sched: act_mirred: use the backlog for mirred ingress

A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action “mirred”) a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.

CVE
#ios#linux#red_hat#dos#git#bios

From: Davide Caratti [email protected] To: Jamal Hadi Salim [email protected], Cong Wang [email protected], Jiri Pirko [email protected], Paolo Abeni [email protected] Cc: Marcelo Ricardo Leitner [email protected], [email protected], [email protected] Subject: [PATCH net] net/sched: act_mirred: use the backlog for mirred ingress Date: Fri, 23 Sep 2022 17:11:12 +0200 [thread overview] Message-ID: 33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti@redhat.com (raw)

William reports kernel soft-lockups on some OVS topologies when TC mirred “egress-to-ingress” action is hit by local TCP traffic. Indeed, using the mirred action in egress-to-ingress can easily produce a dmesg splat like:

============================================ WARNING: possible recursive locking detected 6.0.0-rc4+ #511 Not tainted


nc/1037 is trying to acquire lock: ffff950687843cb0 (slock-AF_INET/1){+.-.}-{2:2}, at: tcp_v4_rcv+0x1023/0x1160

but task is already holding lock: ffff950687846cb0 (slock-AF_INET/1){+.-.}-{2:2}, at: tcp_v4_rcv+0x1023/0x1160

other info that might help us debug this: Possible unsafe locking scenario:

    CPU0
    ----

lock(slock-AF_INET/1); lock(slock-AF_INET/1);

*** DEADLOCK ***

May be due to missing lock nesting notation

12 locks held by nc/1037: #0: ffff950687843d40 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x19/0x40 #1: ffffffff9be07320 (rcu_read_lock){…}-{1:2}, at: __ip_queue_xmit+0x5/0x610 #2: ffffffff9be072e0 (rcu_read_lock_bh){…}-{1:2}, at: ip_finish_output2+0xaa/0xa10 #3: ffffffff9be072e0 (rcu_read_lock_bh){…}-{1:2}, at: __dev_queue_xmit+0x72/0x11b0 #4: ffffffff9be07320 (rcu_read_lock){…}-{1:2}, at: netif_receive_skb+0x181/0x400 #5: ffffffff9be07320 (rcu_read_lock){…}-{1:2}, at: ip_local_deliver_finish+0x54/0x160 #6: ffff950687846cb0 (slock-AF_INET/1){+.-.}-{2:2}, at: tcp_v4_rcv+0x1023/0x1160 #7: ffffffff9be07320 (rcu_read_lock){…}-{1:2}, at: __ip_queue_xmit+0x5/0x610 #8: ffffffff9be072e0 (rcu_read_lock_bh){…}-{1:2}, at: ip_finish_output2+0xaa/0xa10 #9: ffffffff9be072e0 (rcu_read_lock_bh){…}-{1:2}, at: __dev_queue_xmit+0x72/0x11b0 #10: ffffffff9be07320 (rcu_read_lock){…}-{1:2}, at: netif_receive_skb+0x181/0x400 #11: ffffffff9be07320 (rcu_read_lock){…}-{1:2}, at: ip_local_deliver_finish+0x54/0x160

stack backtrace: CPU: 1 PID: 1037 Comm: nc Not tainted 6.0.0-rc4+ #511 Hardware name: Red Hat KVM, BIOS 1.13.0-2.module+el8.3.0+7353+9de0a3cc 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x44/0x5b __lock_acquire.cold.76+0x121/0x2a7 lock_acquire+0xd5/0x310 _raw_spin_lock_nested+0x39/0x70 tcp_v4_rcv+0x1023/0x1160 ip_protocol_deliver_rcu+0x4d/0x280 ip_local_deliver_finish+0xac/0x160 ip_local_deliver+0x71/0x220 ip_rcv+0x5a/0x200 __netif_receive_skb_one_core+0x89/0xa0 netif_receive_skb+0x1c1/0x400 tcf_mirred_act+0x2a5/0x610 [act_mirred] tcf_action_exec+0xb3/0x210 fl_classify+0x1f7/0x240 [cls_flower] tcf_classify+0x7b/0x320 __dev_queue_xmit+0x3a4/0x11b0 ip_finish_output2+0x3b8/0xa10 ip_output+0x7f/0x260 __ip_queue_xmit+0x1ce/0x610 __tcp_transmit_skb+0xabc/0xc80 tcp_rcv_state_process+0x669/0x1290 tcp_v4_do_rcv+0xd7/0x370 tcp_v4_rcv+0x10bc/0x1160 ip_protocol_deliver_rcu+0x4d/0x280 ip_local_deliver_finish+0xac/0x160 ip_local_deliver+0x71/0x220 ip_rcv+0x5a/0x200 __netif_receive_skb_one_core+0x89/0xa0 netif_receive_skb+0x1c1/0x400 tcf_mirred_act+0x2a5/0x610 [act_mirred] tcf_action_exec+0xb3/0x210 fl_classify+0x1f7/0x240 [cls_flower] tcf_classify+0x7b/0x320 __dev_queue_xmit+0x3a4/0x11b0 ip_finish_output2+0x3b8/0xa10 ip_output+0x7f/0x260 __ip_queue_xmit+0x1ce/0x610 __tcp_transmit_skb+0xabc/0xc80 tcp_write_xmit+0x229/0x12c0 __tcp_push_pending_frames+0x32/0xf0 tcp_sendmsg_locked+0x297/0xe10 tcp_sendmsg+0x27/0x40 sock_sendmsg+0x58/0x70 __sys_sendto+0xfd/0x170 __x64_sys_sendto+0x24/0x30 do_syscall_64+0x3a/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f11a06fd281 Code: 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 e5 43 2c 00 41 89 ca 8b 00 85 c0 75 1c 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 67 c3 66 0f 1f 44 00 00 41 56 41 89 ce 41 55 RSP: 002b:00007ffd17958358 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 0000555c6e671610 RCX: 00007f11a06fd281 RDX: 0000000000002000 RSI: 0000555c6e73a9f0 RDI: 0000000000000003 RBP: 0000555c6e6433b0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000002000 R13: 0000555c6e671410 R14: 0000555c6e671410 R15: 0000555c6e6433f8 </TASK>

that is very similar to those observed by William in his setup. By using netif_rx() for mirred ingress packets, packets are queued in the backlog, like it’s done in the receive path of “loopback” and "veth", and the deadlock is not visible anymore. Also add a selftest that can be used to reproduce the problem / verify the fix.

Fixes: 53592b364001 (“net/sched: act_mirred: Implement ingress actions”) Reported-by: William Zhao [email protected] Suggested-by: Paolo Abeni [email protected] Signed-off-by: Davide Caratti [email protected]


net/sched/act_mirred.c | 2 ± …/selftests/net/forwarding/tc_actions.sh | 29 +++++++++++++++++± 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c index a1d70cf86843…ff965ed2dd9f 100644 — a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c @@ -213,7 +213,7 @@ static int tcf_mirred_forward(bool want_ingress, struct sk_buff *skb) if (!want_ingress) err = tcf_dev_queue_xmit(skb, dev_queue_xmit); else - err = netif_receive_skb(skb);

  •   err = netif\_rx(skb);
    

    return err; } diff --git a/tools/testing/selftests/net/forwarding/tc_actions.sh b/tools/testing/selftests/net/forwarding/tc_actions.sh index 1e0a62f638fe…6e1b0cc68f7d 100755 — a/tools/testing/selftests/net/forwarding/tc_actions.sh +++ b/tools/testing/selftests/net/forwarding/tc_actions.sh @@ -3,7 +3,8 @@

ALL_TESTS="gact_drop_and_ok_test mirred_egress_redirect_test \ mirred_egress_mirror_test matchall_mirred_egress_mirror_test \ - gact_trap_test mirred_egress_to_ingress_test"

  • gact_trap_test mirred_egress_to_ingress_test \
  • mirred_egress_to_ingress_tcp_test" NUM_NETIFS=4 source tc_common.sh source lib.sh @@ -198,6 +199,32 @@ mirred_egress_to_ingress_test() log_test "mirred_egress_to_ingress ($tcflags)" }

+mirred_egress_to_ingress_tcp_test() +{

  • local tmpfile=$(mktemp) tmpfile1=$(mktemp)
  • RET=0
  • dd conv=sparse status=none if=/dev/zero bs=1M count=2 of=$tmpfile
  • tc filter add dev $h1 protocol ip pref 100 handle 100 egress flower \
  •   ip\_proto tcp src\_ip 192.0.2.1 dst\_ip 192.0.2.2 \\
    
  •       action ct commit nat src addr 192.0.2.2 pipe \\
    
  •       action ct clear pipe \\
    
  •       action ct commit nat dst addr 192.0.2.1 pipe \\
    
  •       action ct clear pipe \\
    
  •       action skbedit ptype host pipe \\
    
  •       action mirred ingress redirect dev $h1
    
  • ip vrf exec v$h1 nc --recv-only -w10 -l -p 12345 -o $tmpfile1 &
  • local rpid=$!
  • ip vrf exec v$h1 nc -w1 --send-only 192.0.2.2 12345 <$tmpfile
  • wait -n $rpid
  • cmp -s $tmpfile $tmpfile1
  • check_err $? “server output check failed”
  • tc filter del dev $h1 egress protocol ip pref 100 handle 100 flower
  • rm -f $tmpfile $tmpfile1
  • log_test “mirred_egress_to_ingress_tcp” +}

setup_prepare() { h1=${NETIFS[p1]} – 2.37.2

next reply other threads:[~2022-09-23 15:14 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-09-23 15:11 Davide Caratti [this message] 2022-09-25 18:08 ` [PATCH net] net/sched: act_mirred: use the backlog for mirred ingress Cong Wang 2022-10-04 17:40 ` Davide Caratti 2022-10-16 17:28 ` Cong Wang 2022-11-18 23:07 ` Peilin Ye

Reply instructions:

You may reply publicly to this message via plain-text email using any one of the following methods:

* Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox

Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the –to, –cc, and –in-reply-to switches of git-send-email(1):

git send-email \ –in-reply-to=33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti@redhat.com \ –[email protected] \ –[email protected] \ –[email protected] \ –[email protected] \ –[email protected] \ –[email protected] \ –[email protected] \ –[email protected] \ /path/to/YOUR_REPLY

https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).

Related news

Ubuntu Security Notice USN-6385-1

Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6332-1

Ubuntu Security Notice 6332-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

Debian Security Advisory 5480-1

Debian Linux Security Advisory 5480-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice USN-6284-1

Ubuntu Security Notice 6284-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6186-1

Ubuntu Security Notice 6186-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6175-1

Ubuntu Security Notice 6175-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

RHSA-2023:2951: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to c...

RHSA-2023:2083: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.5 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3841: A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauth...

Red Hat Security Advisory 2023-1953-01

Red Hat Security Advisory 2023-1953-01 - Red Hat OpenShift Logging Subsystem 5.6.5 update. Issues addressed include cross site scripting and denial of service vulnerabilities.

Ubuntu Security Notice USN-6033-1

Ubuntu Security Notice 6033-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for thisCVE, kernel support for the TCINDEX classifier has been removed. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2023-1584-01

Red Hat Security Advisory 2023-1584-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

RHSA-2023:1584: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of...

Red Hat Security Advisory 2023-1392-01

Red Hat Security Advisory 2023-1392-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.55.

Red Hat Security Advisory 2023-1393-01

Red Hat Security Advisory 2023-1393-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.55.

RHSA-2023:1392: Red Hat Security Advisory: OpenShift Container Platform 4.10.55 security update

Red Hat OpenShift Container Platform release 4.10.55 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled docume...

RHSA-2023:1393: Red Hat Security Advisory: OpenShift Container Platform 4.10.55 security update

Red Hat OpenShift Container Platform release 4.10.55 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issu...

Red Hat Security Advisory 2023-1470-01

Red Hat Security Advisory 2023-1470-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a double free vulnerability.

Red Hat Security Advisory 2023-1469-01

Red Hat Security Advisory 2023-1469-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a double free vulnerability.

RHSA-2023:1470: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of se...

RHSA-2023:1469: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of...

Red Hat Security Advisory 2023-1221-01

Red Hat Security Advisory 2023-1221-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-1202-01

Red Hat Security Advisory 2023-1202-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-1220-01

Red Hat Security Advisory 2023-1220-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-1203-01

Red Hat Security Advisory 2023-1203-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.

RHSA-2023:1221: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was found ...

RHSA-2023:1220: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was fou...

RHSA-2023:1202: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was found ...

RHSA-2023:1203: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was fou...

Red Hat Security Advisory 2023-1130-01

Red Hat Security Advisory 2023-1130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.

RHSA-2023:1130: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2964: A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. * CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking co...

CVE-2022-4269: [PATCH net] net/sched: act_mirred: use the backlog for mirred ingress

A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907