Уязвимость компонентов bpf и ktls ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации

In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket policy, we failed to recalculate the ciphertext length. This results in transmitting buffers containing uninitialized data during ciphertext transmission. This causes uninitialized bytes to be appended after a complete "Application Data" packet, leading to errors on the receiving end when parsing TLS record.

In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket policy, we failed to recalculate the ciphertext length. This results in transmitting buffers containing uninitialized data during ciphertext transmission. This causes uninitialized bytes to be appended after a complete "Application Data" packet, leading to errors on the receiving end when parsing TLS record.

In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket policy, we failed to recalculate the ciphertext length. This results in transmitting buffers containing uninitialized data during ciphertext transmission. This causes uninitialized bytes to be appended after a complete "Application Data" packet, leading to errors on the receiving end when parsing TLS record.

bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls

In the Linux kernel, the following vulnerability has been resolved: b ...

In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data length via socket policy, we failed to recalculate the ciphertext length. This results in transmitting buffers containing uninitialized data during ciphertext transmission. This causes uninitialized bytes to be appended after a complete "Application Data" packet, leading to errors on the receiving end when parsing TLS record.

Security update for the Linux Kernel (Live Patch 3 for SUSE Linux Enterprise 15 SP7)

Security update for the Linux Kernel RT (Live Patch 3 for SUSE Linux Enterprise 15 SP7)

Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6)

Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP6)

Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP6)

Security update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 15 SP7)

Security update for the Linux Kernel RT (Live Patch 0 for SUSE Linux Enterprise 15 SP7)

Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 15 SP7)

Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP6)

Security update for the Linux Kernel (Live Patch 23 for SUSE Linux Enterprise 15 SP5)

Security update for the Linux Kernel (Live Patch 29 for SUSE Linux Enterprise 15 SP5)

Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)

Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5)