ALAS2-2024-2475 --- kernelID: oval:org.secpod.oval:def:1702167 | Date: (C)2024-03-15 (M)2024-04-29 |
Class: PATCH | Family: unix |
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. A flaw was found in the ATA over Ethernet driver in the Linux kernel. The aoecmd_cfg_pkts function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution. In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access
Product: |
kernel |
perf |
python-perf |