In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
Inthe Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using aBPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system -such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting adifferent errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen usinga BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system- such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs settinga different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc:RemapEPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using aBPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system -such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting adifferent errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen usinga BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system- such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs settinga different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc:Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using aBPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system -such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting adifferent errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen usinga BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system- such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs settinga different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In theLinux kernel, the following vulnerability has been resolved:net, sunrpc:RemapEPERM in case of connection failure in xs_tcp_setup_socketWhenusinga BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up intoother layerswhichmight not beready to handle it. It might besafer to mapEPERMto anerror wewould bemore likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED aserrorseems reasonable. For programs setting a different errorcan be out ofreach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead ofallow boolean"), thusgiven thatit is better to simplyremap forconsistent behavior. UDP does handleEPERM in xs_udp_send_request().TheLinux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
Inthe Linuxkernel, the following vulnerability has been resolved:net, sunrpc: RemapEPERMin case of connection failure in xs_tcp_setup_socketWhen usinga BPFprogram on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: Thiswill propagate -EPERM up into otherlayers whichmightnot be ready to handle it. It might be saferto map EPERMto anerrorwe wouldbe more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as errorseemsreasonable. For programs setting a different errorcan be out of reach(see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allowboolean"), thus giventhat it isbetter to simply remapforconsistent behavior. UDP does handle EPERMin xs_udp_send_request().The Linuxkernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using aBPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system -such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting adifferent errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen usinga BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system- such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs settinga different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using aBPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system -such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting adifferent errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen usinga BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system- such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs settinga different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using aBPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system -such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting adifferent errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen usinga BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system- such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs settinga different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using aBPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system -such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting adifferent errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen usinga BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system- such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs settinga different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using aBPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system -such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting adifferent errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen usinga BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system- such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs settinga different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
Inthe Linux kernel, thefollowing vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthekernel to potentially freeze up.Neil suggested: This willpropagate-EPERM up into other layers whichmight notbeready to handle it. It might be safer tomap EPERM to an error we would be more likelyto expect from the network system- such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programssetting adifferent errorcanbe out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that itisbetterto simply remap forconsistentbehavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/d74bad4e74ee373787a9ae24197c17b7cdc428d5 | ubuntu |
| linux | | https://git.kernel.org/linus/626dfed5fa3bfb41e0dffd796032b555b69f9cde | https://git.kernel.org/linus/4fbac77d2d092b475dda9eea66da674369665427 | ubuntu |
</details>
二、漏洞分析结构反馈
影响性分析说明:
IntheLinuxkernel, the followingvulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel topotentially freeze up.Neil suggested: This willpropagate-EPERM upinto other layers which might notbe ready tohandleit. It might be safer to map EPERMto an error we would be more likely toexpectfrom the network system - such asECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting adifferenterrorcan be out ofreach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is bettertosimplyremap forconsistent behavior.UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean"), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().The Linux kernel CVE team has assigned CVE-2024-42246 to this issue.
In the Linux kernel, the following vulnerability has been resolved:net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socketWhen using a BPF program on kernel_connect(), the call can return -EPERM. Thiscauses xs_tcp_setup_socket() to loop forever, filling up the syslog and causingthe kernel to potentially freeze up.Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.ECONNREFUSED as error seems reasonable. For programs setting a different errorcan be out of reach (see handling in 4fbac77d2d09) in particular on kernelswhich do not have f10d05966196 ( bpf: Make BPF_PROG_RUN_ARRAY return -errinstead of allow boolean ), thus given that it is better to simply remap forconsistent behavior. UDP does handle EPERM in xs_udp_send_request().
