In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race

__dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to a possible UAF.

The RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) implements this protocol correctly, while __dst_negative_advice() uses the wrong order.

Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three existing ->negative_advice() methods must perform the sk_dst_reset() themselves. Note the check against a NULL dst is centralized in __dst_negative_advice(); there is no need to duplicate it in the various callbacks.

Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets.
Vulnerable Product |
---|
linux linux kernel 4.6 |
linux linux kernel |
linux linux kernel 4.19.316 |
linux linux kernel 5.4.278 |
linux linux kernel 5.10.219 |
linux linux kernel 5.15.161 |
linux linux kernel 6.1.94 |
linux linux kernel 6.6.34 |
linux linux kernel 6.9.4 |
linux linux kernel 6.10 |
linux linux |
CISA warns about actively exploited Apache OFBiz RCE flaw. By Bill Toulas, August 8, 2024 03:43 PM. The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. Apache OFBiz (Open For Business) is a popular open-source enterprise resource planning (ERP) system that provides a suite of business applications to manage various aspects of an organization. Due to its versatility and cost-effective...
Google fixes Android kernel zero-day exploited in targeted attacks. By Sergiu Gatlan, August 5, 2024 06:40 PM. Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) flaw exploited in targeted attacks. The zero-day, tracked as CVE-2024-36971, is a use-after-free (UAF) weakness in the Linux kernel's network route management. It requires System execution privileges for successful exploitation and allows altering the behav...
Qualcomm addresses 'permanent denial of service' flaw in its stuff

Google released 46 fixes for Android in its August security patch batch, including one for a Linux kernel flaw in the mobile OS that can lead to remote code execution (RCE). From the sounds of things, this hole has already been spotted and exploited by spyware slingers. This bug, tracked as CVE-2024-36971, is a use-after-free vulnerability in the networking stack that earned a high-severity 7.8-out-of-10 CVSS rating. Successful exploitation may lead to "remote code execution with System executi...