In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. Guard the first memcpy so it only runs when length > 0.

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. Guard the first memcpy so it only runs when length > 0.

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. Guard the first memcpy so it only runs when length > 0.

SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf

In the Linux kernel, the following vulnerability has been resolved: S ...

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_address(in_token->pages[0]) for the initial memcpy, which can dereference NULL even when the copy length is 0. Guard the first memcpy so it only runs when length > 0.

Уязвимость функции gss_read_proxy_verf() модуля net/sunrpc/auth_gss/svcauth_gss.c ядра операционной системы Linux, позволяющая нарушителю, действующему удалённо, вызвать отказ в обслуживании

Security update for the Linux Kernel (Live Patch 33 for SUSE Linux Enterprise 15 SP5)

Security update for the Linux Kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4)

Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)

Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4)

Security update for the Linux Kernel (Live Patch 76 for SUSE Linux Enterprise 12 SP5)

Security update for the Linux Kernel (Live Patch 75 for SUSE Linux Enterprise 12 SP5)

Security update for the Linux Kernel (Live Patch 74 for SUSE Linux Enterprise 12 SP5)

Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP7)

Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)

Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6)

Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)

Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7)

Security update for the Linux Kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4)