|
KASAN: use-after-free Read in nf_hook_entry_head
netfilter
|
19 |
syz |
error |
|
62 |
111d |
136d
|
29/29 |
60d |
b7cdc5a97d02
netfilter: nf_tables: Fix for duplicate device in netdev hooks
|
|
WARNING in nft_map_deactivate
netfilter
|
-1 |
C |
error |
|
5 |
124d |
136d
|
29/29 |
60d |
fb7fb4016300
netfilter: nf_tables: clone set on flush only
|
|
KASAN: slab-use-after-free Read in nft_array_get_cmp
netfilter
|
19 |
C |
error |
|
5 |
157d |
158d
|
29/29 |
60d |
35f83a75529a
netfilter: nft_set_rbtree: don't gc elements on insert
|
|
WARNING in nf_reject_fill_skb_dst
netfilter
|
-1 |
C |
done |
|
214 |
305d |
318d
|
29/29 |
265d |
netfilter: nf_reject: don't leak dst refcount for loopback packets
|
|
WARNING in nf_send_reset6
netfilter
|
-1 |
C |
|
|
9 |
309d |
317d
|
29/29 |
265d |
netfilter: nf_reject: don't leak dst refcount for loopback packets
|
|
WARNING in nft_socket_init (2)
netfilter
|
-1 |
C |
done |
|
6 |
327d |
345d
|
29/29 |
269d |
1dee968d22ea
netfilter: nft_socket: remove WARN_ON_ONCE with huge level value
|
|
WARNING in ip_mr_output
netfilter
|
-1 |
C |
error |
|
74 |
370d |
373d
|
29/29 |
304d |
beead7eea896
net: ipv4: guard ip_mr_output() with rcu
|
|
KASAN: slab-out-of-bounds Read in nfacct_mt_checkentry
netfilter
|
17 |
C |
done |
|
7 |
354d |
352d
|
29/29 |
304d |
bf58e667af7d
netfilter: xt_nfacct: don't assume acct name is null-terminated
|
|
KMSAN: uninit-value in nf_flow_offload_inet_hook (2)
netfilter
|
7 |
C |
|
|
13 |
361d |
363d
|
29/29 |
304d |
18cdb3d982da
netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
|
|
BUG: assuming non migratable context at ./include/linux/filter.h:LINE
netfilter
|
-1 |
C |
done |
|
1189 |
316d |
352d
|
29/29 |
304d |
17ce3e5949bc
bpf: Disable migration in nf_hook_run_bpf().
|
|
KASAN: slab-use-after-free Read in nf_tables_trans_destroy_work (2)
netfilter
|
19 |
syz |
|
|
1 |
490d |
490d
|
28/29 |
390d |
fb8286562ecf
netfilter: nf_tables: make destruction work queue pernet
|
|
WARNING in nft_socket_init
netfilter
|
-1 |
C |
done |
|
14 |
519d |
587d
|
28/29 |
425d |
b7529880cb96
netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level
|
|
KASAN: slab-out-of-bounds Read in led_tg_check
netfilter
|
17 |
C |
done |
|
5 |
581d |
591d
|
28/29 |
425d |
04317f4eb2aa
netfilter: x_tables: fix LED ID check in led_tg_check()
|
|
KASAN: slab-out-of-bounds Read in bitmap_ip_add (2)
netfilter
|
17 |
C |
|
|
3 |
604d |
600d
|
28/29 |
566d |
35f56c554eb1
netfilter: ipset: add missing range check in bitmap_ip_uadt
|
|
WARNING in xt_cluster_mt (2)
netfilter
|
-1 |
C |
inconclusive |
|
5 |
641d |
640d
|
28/29 |
599d |
0bfcb7b71e73
netfilter: xtables: avoid NFPROTO_UNSPEC where needed
|
|
KMSAN: uninit-value in nf_reject_ip6_tcphdr_put
netfilter
|
7 |
C |
|
|
136 |
646d |
660d
|
28/29 |
621d |
9c778fe48d20
UPSTREAM: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
|
|
KASAN: slab-use-after-free Read in nf_tables_trans_destroy_work
netfilter
|
19 |
C |
error |
|
147 |
726d |
733d
|
26/29 |
698d |
9f6958ba2e90
netfilter: nf_tables: unconditionally flush pending work before notifier
|
|
general protection fault in nf_tproxy_laddr4
netfilter
|
8 |
C |
error |
|
5 |
774d |
783d
|
25/29 |
754d |
21a673bddc8f
netfilter: tproxy: bail out if IP has been disabled on the device
|
|
KASAN: slab-use-after-free Read in ip_skb_dst_mtu
netfilter
|
19 |
C |
error |
|
5 |
819d |
851d
|
25/29 |
773d |
18685451fc4e
inet: inet_defrag: prevent sk release while still in use
|
|
KASAN: slab-out-of-bounds Read in update_counters
netfilter
bridge
|
17 |
C |
|
|
3 |
820d |
820d
|
25/29 |
773d |
0c83842df40f
netfilter: validate user input for expected length
|
|
KASAN: slab-out-of-bounds Read in do_ipt_set_ctl
netfilter
|
17 |
C |
|
|
111 |
811d |
822d
|
25/29 |
773d |
0c83842df40f
netfilter: validate user input for expected length
|
|
KMSAN: uninit-value in nf_flow_offload_ip_hook
netfilter
|
7 |
C |
|
|
5 |
821d |
822d
|
25/29 |
773d |
87b3593bed18
netfilter: flowtable: validate pppoe header
|
|
WARNING: ODEBUG bug in ip_set_free
netfilter
|
-1 |
C |
|
|
42 |
869d |
872d
|
25/29 |
829d |
27c5a095e251
netfilter: ipset: Missing gc cancellations fixed
|
|
WARNING: ODEBUG bug in hash_netiface4_destroy
netfilter
|
-1 |
C |
done |
|
80 |
870d |
884d
|
25/29 |
829d |
27c5a095e251
netfilter: ipset: Missing gc cancellations fixed
|
|
WARNING in __nf_unregister_net_hook (6)
netfilter
|
-1 |
C |
error |
|
2 |
875d |
991d
|
25/29 |
831d |
bccebf647017
netfilter: nf_tables: set dormant flag on hook register failure
|
|
inconsistent lock state in nf_connlabels_put
netfilter
|
4 |
C |
done |
|
4 |
983d |
984d
|
25/29 |
914d |
643d12603664
netfilter: conntrack: switch connlabels to atomic_t
|
|
WARNING: proc registration bug in clusterip_tg_check (3)
netfilter
|
-1 |
C |
done |
inconclusive |
9 |
1262d |
1796d
|
22/29 |
1123d |
9db5d918e2c0
netfilter: ip_tables: remove clusterip target
|
|
KASAN: vmalloc-out-of-bounds Read in __ebt_unregister_table
bridge
netfilter
|
17 |
C |
error |
|
4 |
1233d |
1234d
|
22/29 |
1123d |
e58a171d35e3
netfilter: ebtables: fix table blob use-after-free
|
|
INFO: task hung in nfnetlink_rcv_msg (3)
netfilter
|
1 |
C |
done |
|
5 |
1303d |
1314d
|
22/29 |
1123d |
5e29dc36bd5e
netfilter: ipset: Rework long task execution when adding/deleting entries
|
|
KASAN: slab-out-of-bounds Read in cttimeout_net_exit
netfilter
|
17 |
C |
|
|
1444 |
1472d |
1509d
|
22/29 |
1227d |
aeed55a08d0b
netfilter: cttimeout: fix slab-out-of-bounds read in cttimeout_net_exit
394e771684f7
netfilter: cttimeout: fix slab-out-of-bounds read typo in cttimeout_net_exit
|
|
KASAN: use-after-free Read in nf_hook_entries_grow
netfilter
|
19 |
C |
done |
done |
5 |
1617d |
1658d
|
22/29 |
1227d |
6069da443bf6
netfilter: nf_tables: unregister flowtable hooks on netns exit
|
|
UBSAN: array-index-out-of-bounds in nfnetlink_unbind
netfilter
|
17 |
C |
done |
|
6621 |
1493d |
1509d
|
22/29 |
1227d |
ffd219efd9ee
netfilter: nfnetlink: fix warn in nfnetlink_unbind
|
|
KASAN: use-after-free Read in nf_confirm
netfilter
|
19 |
C |
done |
|
605 |
1493d |
1509d
|
22/29 |
1227d |
56b14ecec97f
netfilter: conntrack: re-fetch conntrack after insertion
|
|
KASAN: use-after-free Read in nf_tables_trans_destroy_work
netfilter
|
19 |
C |
done |
|
6 |
1357d |
1364d
|
22/29 |
1227d |
d4bc8271db21
netfilter: nf_tables: netlink notifier might race to release objects
26b5934ff419
netfilter: nf_tables: release flow rule object from commit path
|
|
WARNING in nf_tables_exit_net
netfilter
|
-1 |
C |
error |
|
3 |
1345d |
1345d
|
22/29 |
1227d |
03c1f1ef1584
netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()
|
|
memory leak in nft_chain_parse_hook
netfilter
|
3 |
C |
|
|
1 |
1409d |
1405d
|
22/29 |
1227d |
77972a36ecc4
netfilter: nf_tables: clean up hook list when offload flags check fails
|
|
KASAN: use-after-free Read in __nf_register_net_hook
netfilter
|
19 |
C |
error |
|
5 |
1589d |
1589d
|
22/29 |
1227d |
56763f12b0f0
netfilter: fix use-after-free in __nf_register_net_hook()
|
|
memory leak in do_replace
bridge
netfilter
|
3 |
C |
|
|
1 |
1388d |
1384d
|
22/29 |
1227d |
62ce44c4fff9
netfilter: ebtables: fix memory leak when blob is malformed
|
|
WARNING in nfnetlink_unbind
netfilter
|
-1 |
C |
done |
|
235 |
1493d |
1509d
|
22/29 |
1227d |
ffd219efd9ee
netfilter: nfnetlink: fix warn in nfnetlink_unbind
|
|
WARNING: kmalloc bug in hash_ip_create
netfilter
|
-1 |
C |
done |
|
641 |
1738d |
1765d
|
20/29 |
1580d |
7bbc3d385bd8
netfilter: ipset: Fix oversized kvmalloc() calls
|
|
KASAN: use-after-free Read in nft_table_lookup (2)
netfilter
|
19 |
syz |
done |
|
1 |
1760d |
1756d
|
20/29 |
1580d |
a499b03bf36b
netfilter: nf_tables: unlink table before deleting it
|
|
WARNING: kmalloc bug in hash_net_create
netfilter
|
-1 |
C |
done |
|
283 |
1738d |
1765d
|
20/29 |
1580d |
7bbc3d385bd8
netfilter: ipset: Fix oversized kvmalloc() calls
|
|
WARNING: kmalloc bug in nf_tables_newset
netfilter
|
-1 |
C |
done |
|
95 |
1738d |
1765d
|
20/29 |
1580d |
45928afe94a0
netfilter: nf_tables: Fix oversized kvmalloc() calls
|
|
WARNING: kmalloc bug in hash_mac_create
netfilter
|
-1 |
C |
done |
|
11 |
1759d |
1763d
|
20/29 |
1580d |
7bbc3d385bd8
netfilter: ipset: Fix oversized kvmalloc() calls
|
|
KASAN: use-after-free Read in nf_tables_dump_sets
netfilter
|
19 |
syz |
done |
done |
1 |
1762d |
1791d
|
20/29 |
1580d |
a499b03bf36b
netfilter: nf_tables: unlink table before deleting it
|
|
WARNING in __nf_unregister_net_hook (4)
netfilter
|
-1 |
C |
error |
|
66 |
1582d |
1912d
|
20/29 |
1580d |
68a3765c659f
netfilter: nf_tables: skip netdev events generated on netns removal
|
|
general protection fault in nf_tables_dump_tables
netfilter
|
2 |
syz |
done |
done |
4 |
1744d |
1744d
|
20/29 |
1580d |
a499b03bf36b
netfilter: nf_tables: unlink table before deleting it
|
|
WARNING in destroy_conntrack
netfilter
|
-1 |
C |
done |
|
1 |
1793d |
1791d
|
20/29 |
1698d |
e3245a7b7b34
netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with mutex
|
|
divide error in nft_limit_init
netfilter
|
2 |
C |
done |
|
4 |
1911d |
1913d
|
20/29 |
1698d |
b895bdf5d643
netfilter: nft_limit: avoid possible divide error in nft_limit_init
|
|
KASAN: slab-out-of-bounds Write in xt_compat_target_from_user
netfilter
|
21 |
C |
error |
error |
1 |
2149d |
2147d
|
20/29 |
1698d |
b29c457a6511
netfilter: x_tables: fix compat match/target pad out-of-bound write
|
|
BUG: sleeping function called from invalid context in __alloc_skb
netfilter
|
5 |
C |
done |
|
33 |
1746d |
1887d
|
20/29 |
1698d |
7072a355ba19
netfilter: nfnetlink: add a missing rcu_read_unlock()
|
|
UBSAN: shift-out-of-bounds in nft_hash_estimate
netfilter
|
-1 |
C |
done |
|
3 |
1887d |
1887d
|
20/29 |
1698d |
a54754ec9891
netfilter: nftables: avoid overflows in nft_hash_buckets()
|
|
KASAN: use-after-free Write in nft_ct_tmpl_put_pcpu
netfilter
|
22 |
C |
done |
|
3 |
1793d |
1793d
|
20/29 |
1698d |
e3245a7b7b34
netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with mutex
|
|
general protection fault in nft_set_elem_expr_alloc
netfilter
|
2 |
C |
done |
|
3 |
1862d |
1859d
|
20/29 |
1698d |
ad9f151e560b
netfilter: nf_tables: initialize set before expression setup
|
|
kernel BUG at lib/string.c:LINE! (6)
netfilter
|
-1 |
C |
done |
|
2 |
2025d |
2021d
|
19/29 |
1943d |
6cb56218ad9e
netfilter: xt_RATEEST: reject non-null terminated string from userspace
|
|
UBSAN: shift-out-of-bounds in hash_mac_create
netfilter
|
-1 |
C |
unreliable |
|
29 |
2010d |
2029d
|
19/29 |
1943d |
5c8193f568ae
netfilter: ipset: fix shift-out-of-bounds in htable_bits()
|
|
memory leak in nf_tables_addchain
netfilter
|
3 |
C |
|
|
1 |
2156d |
2154d
|
15/29 |
2117d |
59136aa3b264
netfilter: nf_tables: free chain context when BINDING flag is missing
|
|
WARNING in compat_do_ebt_get_ctl
bridge
netfilter
|
-1 |
C |
done |
|
15 |
2147d |
2158d
|
15/29 |
2117d |
5c04da55c754
netfilter: ebtables: reject bogus getopt len value
|
|
WARNING in __nf_unregister_net_hook (2)
netfilter
|
-1 |
C |
done |
|
9 |
2184d |
2182d
|
15/29 |
2117d |
1e9451cbda45
netfilter: nf_tables: fix nat hook table deletion
|
|
memory leak in ctnetlink_del_conntrack
netfilter
|
3 |
C |
|
|
1 |
2219d |
2216d
|
15/29 |
2178d |
6c2d2176a85e
netfilter: ctnetlink: memleak in filter initialization error path
|
|
memory leak in nf_tables_parse_netdev_hooks (3)
netfilter
|
3 |
C |
|
|
1 |
2219d |
2216d
|
15/29 |
2178d |
3003055f5066
netfilter: nf_tables: hook list memleak in flowtable deletion
|
|
KASAN: invalid-free in nf_tables_newset
netfilter
|
24 |
C |
done |
|
21 |
2271d |
2286d
|
15/29 |
2208d |
7fb6f78df700
netfilter: nf_tables: do not leave dangling pointer in nf_tables_set_alloc_name
|
|
INFO: task hung in hashlimit_net_exit
netfilter
|
1 |
syz |
done |
|
53 |
2326d |
2334d
|
15/29 |
2272d |
8d0015a7ab76
netfilter: xt_hashlimit: limit the max size of hashtable
|
|
WARNING: proc registration bug in hashlimit_mt_check_common
netfilter
|
-1 |
C |
done |
|
320 |
2311d |
2336d
|
15/29 |
2272d |
99b79c3900d4
netfilter: xt_hashlimit: unregister proc file before releasing mutex
|
|
INFO: rcu detected stall in ip_set_uadd
netfilter
|
1 |
C |
done |
|
11 |
2316d |
2353d
|
15/29 |
2272d |
f66ee0410b1c
netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports
|
|
memory leak in nf_tables_parse_netdev_hooks (2)
netfilter
|
3 |
C |
|
|
2 |
2311d |
2315d
|
15/29 |
2272d |
2d285f26ecd0
netfilter: nf_tables: free flowtable hooks on hook register error
|
|
INFO: rcu detected stall in ip_set_udel
netfilter
|
1 |
C |
done |
|
12 |
2331d |
2353d
|
15/29 |
2272d |
f66ee0410b1c
netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports
|
|
general protection fault in ip_set_comment_free
netfilter
|
2 |
C |
done |
|
19 |
2315d |
2351d
|
15/29 |
2272d |
8af1c6fbd923
netfilter: ipset: Fix forceadd evaluation path
|
|
KASAN: slab-out-of-bounds Read in bitmap_ip_add
netfilter
|
17 |
syz |
done |
done |
7 |
2348d |
2359d
|
15/29 |
2292d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup
netfilter
|
17 |
C |
done |
done |
8 |
2342d |
2358d
|
15/29 |
2300d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
netfilter
|
17 |
C |
done |
done |
10 |
2351d |
2359d
|
15/29 |
2300d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
KASAN: slab-out-of-bounds Read in bitmap_ipmac_destroy
netfilter
|
17 |
C |
done |
done |
2 |
2354d |
2353d
|
15/29 |
2300d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
KASAN: slab-out-of-bounds Read in bitmap_ipmac_ext_cleanup
netfilter
|
17 |
C |
unreliable |
done |
15 |
2342d |
2358d
|
15/29 |
2300d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
KASAN: slab-out-of-bounds Read in bitmap_port_destroy
netfilter
|
17 |
C |
done |
done |
2 |
2354d |
2354d
|
15/29 |
2300d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
KASAN: use-after-free Read in bitmap_ip_ext_cleanup
netfilter
|
19 |
C |
done |
done |
2 |
2358d |
2359d
|
15/29 |
2324d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
KASAN: use-after-free Read in bitmap_ipmac_ext_cleanup
netfilter
|
19 |
C |
done |
done |
2 |
2358d |
2358d
|
15/29 |
2324d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
KASAN: slab-out-of-bounds Write in bitmap_ip_del
netfilter
|
21 |
C |
done |
done |
7 |
2356d |
2358d
|
15/29 |
2324d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
KASAN: use-after-free Read in bitmap_ip_destroy
netfilter
|
19 |
C |
done |
done |
1 |
2358d |
2358d
|
15/29 |
2328d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
WARNING in nft_request_module
netfilter
|
-1 |
C |
done |
|
7 |
2362d |
2362d
|
15/29 |
2329d |
9332d27d7918
netfilter: nf_tables: remove WARN and add NLA_STRING upper limits
|
|
KASAN: slab-out-of-bounds Read in bitmap_ip_list
netfilter
|
17 |
C |
|
|
85 |
2344d |
2360d
|
15/29 |
2329d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
KASAN: use-after-free Read in bitmap_port_ext_cleanup
netfilter
|
19 |
C |
done |
|
11 |
2359d |
2367d
|
15/29 |
2329d |
c120959387ef
netfilter: fix a use-after-free in mtype_destroy()
|
|
KASAN: use-after-free Read in __nf_tables_abort
netfilter
|
19 |
C |
done |
|
3 |
2356d |
2358d
|
15/29 |
2329d |
eb014de4fd41
netfilter: nf_tables: autoload modules from the abort path
|
|
WARNING: suspicious RCU usage in find_set_and_id
netfilter
|
4 |
syz |
done |
|
6 |
2354d |
2356d
|
15/29 |
2329d |
5038517119d5
netfilter: ipset: fix suspicious RCU usage in find_set_and_id
|
|
BUG: corrupted list in nft_obj_del
netfilter
|
8 |
C |
done |
|
7 |
2360d |
2362d
|
15/29 |
2329d |
335178d5429c
netfilter: nf_tables: fix flowtable list del corruption
|
|
BUG: corrupted list in nf_tables_commit
netfilter
|
8 |
C |
done |
|
8 |
2362d |
2362d
|
15/29 |
2329d |
335178d5429c
netfilter: nf_tables: fix flowtable list del corruption
|
|
general protection fault in dccp_timeout_nlattr_to_obj
netfilter
|
2 |
C |
done |
|
7 |
2369d |
2371d
|
15/29 |
2329d |
1d9a7acd3d1e
netfilter: conntrack: dccp, sctp: handle null timeout argument
|
|
general protection fault in xt_rateest_tg_checkentry
netfilter
|
2 |
C |
done |
|
12 |
2372d |
2382d
|
15/29 |
2329d |
1b789577f655
netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
|
|
general protection fault in xt_rateest_put
netfilter
|
2 |
C |
done |
|
97 |
2359d |
2366d
|
15/29 |
2329d |
212e7f56605e
netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct
|
|
memory leak in nf_tables_parse_netdev_hooks
netfilter
|
3 |
C |
|
|
6 |
2332d |
2362d
|
15/29 |
2329d |
cd77e75b5e46
netfilter: nf_tables: fix memory leak in nf_tables_parse_netdev_hooks()
|
|
general protection fault in nft_chain_parse_hook
netfilter
|
2 |
C |
done |
|
48 |
2348d |
2362d
|
15/29 |
2329d |
826035498ec1
netfilter: nf_tables: add __nft_chain_type_get()
|
|
WARNING in nf_tables_table_destroy
netfilter
|
-1 |
C |
done |
done |
1 |
2360d |
2360d
|
15/29 |
2329d |
eb014de4fd41
netfilter: nf_tables: autoload modules from the abort path
|
|
KASAN: slab-out-of-bounds Read in bitmap_ip_gc
netfilter
|
17 |
C |
done |
|
15 |
2341d |
2360d
|
15/29 |
2329d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
general protection fault in nft_tunnel_get_init
netfilter
|
2 |
C |
done |
|
7 |
2362d |
2362d
|
15/29 |
2329d |
1c702bf902bd
netfilter: nft_tunnel: fix null-attribute check
|
|
KASAN: slab-out-of-bounds Read in bitmap_port_add
netfilter
|
17 |
syz |
done |
|
9 |
2353d |
2360d
|
15/29 |
2329d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
KASAN: slab-out-of-bounds Read in bitmap_ip_test
netfilter
|
17 |
syz |
|
|
10 |
2349d |
2360d
|
15/29 |
2329d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
general protection fault in hash_ipportnet4_uadt
netfilter
|
2 |
C |
done |
|
13 |
2368d |
2371d
|
15/29 |
2329d |
22dad713b8a5
netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
|
|
KASAN: slab-out-of-bounds Read in bitmap_port_list
netfilter
|
17 |
C |
|
|
152 |
2352d |
2360d
|
15/29 |
2329d |
32c72165dbd0
netfilter: ipset: use bitmap infrastructure completely
|
|
KASAN: use-after-free Read in bitmap_port_destroy
netfilter
|
19 |
C |
|
|
1 |
2360d |
2360d
|
15/29 |
2329d |
c120959387ef
netfilter: fix a use-after-free in mtype_destroy()
|
|
KASAN: vmalloc-out-of-bounds Read in compat_copy_entries
netfilter
bridge
|
17 |
C |
done |
|
3 |
2394d |
2394d
|
15/29 |
2333d |
e608f631f0ba
netfilter: ebtables: compat: reject all padding in matches/watchers
|
|
KMSAN: uninit-value in nf_conntrack_tcp_packet
netfilter
|
7 |
syz |
|
|
3 |
2404d |
2407d
|
15/29 |
2370d |
9424e2e7ad93
net-backports: tcp: md5: fix potential overestimation of TCP option space
|
|
KASAN: use-after-free Read in nf_ct_deliver_cached_events
netfilter
|
19 |
C |
done |
|
169 |
2442d |
2448d
|
15/29 |
2396d |
ad88b7a6aa3e
netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks
|
|
WARNING in xt_compat_add_offset
netfilter
|
-1 |
C |
done |
|
18 |
2526d |
2690d
|
12/29 |
2504d |
3b48300d5cc7
netfilter: ebtables: also count base chain policies
|
|
KASAN: use-after-free Read in brnf_exit_net
bridge
netfilter
|
19 |
syz |
done |
|
3 |
2570d |
2573d
|
12/29 |
2526d |
7e6daf50e1f4
netfilter: bridge: prevent UAF in brnf_exit_net()
|
|
general protection fault in nf_ct_gre_keymap_flush
netfilter
|
2 |
C |
|
|
22 |
2714d |
2720d
|
11/29 |
2656d |
ac088a88b5d5
netfilter: conntrack: fix error path in nf_conntrack_pernet_init()
|
|
INFO: rcu detected stall in netlink_sendmsg
netfilter
|
1 |
syz |
|
|
83 |
2694d |
2750d
|
11/29 |
2678d |
12750abad517
xfrm: policy: fix infinite loop when merging src-nodes
|
|
WARNING in cttimeout_default_get
netfilter
|
-1 |
C |
|
|
44 |
2768d |
2787d
|
11/29 |
2767d |
89259088c1b7
netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too
|
|
general protection fault in icmp_timeout_obj_to_nlattr
netfilter
|
2 |
C |
|
|
13 |
2800d |
2804d
|
11/29 |
2791d |
8866df9264a3
netfilter: nfnetlink_cttimeout: pass default timeout policy to obj_to_nlattr
|
|
general protection fault in ctnetlink_alloc_filter
netfilter
|
2 |
C |
|
|
80 |
2841d |
2844d
|
11/29 |
2791d |
9306425b70bf
netfilter: ctnetlink: must check mark attributes vs NULL
|
|
KMSAN: uninit-value in __nf_conntrack_find_get
netfilter
|
7 |
C |
|
|
67 |
2903d |
2910d
|
8/29 |
2887d |
6613b6173dee
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
|
|
KMSAN: uninit-value in nfqnl_recv_config (2)
netfilter
|
7 |
C |
|
|
10 |
2931d |
2946d
|
8/29 |
2917d |
ba062ebb2cd5
netfilter: nf_queue: augment nfqa_cfg_policy
|
|
KMSAN: uninit-value in ebt_stp_mt_check (2)
bridge
netfilter
|
7 |
C |
|
|
222 |
2917d |
2950d
|
8/29 |
2917d |
c568503ef020
netfilter: x_tables: initialise match/target check parameter struct
|
|
WARNING in ebt_do_table
bridge
netfilter
|
-1 |
C |
|
|
13 |
2926d |
2951d
|
8/29 |
2917d |
11ff7288beb2
netfilter: ebtables: reject non-bridge targets
|
|
KMSAN: uninit-value in ebt_stp_mt_check
netfilter
bridge
|
7 |
C |
|
|
211 |
2950d |
2995d
|
5/29 |
2950d |
a4995684a949
netfilter: bridge: stp fix reference to uninitialized data
|
|
KASAN: slab-out-of-bounds Read in nla_strlcpy
netfilter
|
17 |
C |
|
|
34 |
2954d |
2966d
|
5/29 |
2950d |
4b83a9049a98
netfilter: provide correct argument to nla_strlcpy()
|
|
KASAN: use-after-free Read in nla_strlcpy
netfilter
|
19 |
C |
|
|
59 |
2954d |
2966d
|
5/29 |
2950d |
4b83a9049a98
netfilter: provide correct argument to nla_strlcpy()
|
|
KASAN: stack-out-of-bounds Write in compat_copy_entries
netfilter
bridge
|
21 |
syz |
|
|
10 |
2955d |
2993d
|
5/29 |
2950d |
94c752f99954
netfilter: ebtables: handle string from userspace with care
|
|
KASAN: slab-out-of-bounds Read in clusterip_tg_check
netfilter
|
17 |
C |
|
|
22 |
3073d |
3079d
|
5/29 |
2974d |
1a38956cce5e
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
|
|
INFO: trying to register non-static key in del_timer_sync
netfilter
|
-1 |
C |
|
|
89 |
3053d |
3079d
|
5/29 |
2974d |
10414014bc08
netfilter: x_tables: fix missing timer initialization in xt_LED
|
|
BUG: unable to handle kernel paging request in cgroup_mt_destroy_v1
netfilter
|
8 |
C |
|
|
3 |
3076d |
3076d
|
5/29 |
2975d |
ba7cd5d95f25
netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
|
|
KASAN: use-after-free Write in xt_rateest_put
netfilter
|
22 |
C |
|
|
7 |
3077d |
3079d
|
5/29 |
2975d |
7dc68e98757a
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
|
|
KMSAN: uninit-value in iptable_mangle_hook
netfilter
|
7 |
C |
|
|
1134 |
2979d |
3011d
|
5/29 |
2979d |
b855ff827476
dccp: initialize ireq->ir_mark
|
|
KMSAN: uninit-value in ip6table_mangle_hook
netfilter
|
7 |
C |
|
|
601 |
2980d |
3011d
|
5/29 |
2979d |
b855ff827476
dccp: initialize ireq->ir_mark
|
|
BUG: unable to handle kernel paging request in compat_copy_entries
netfilter
bridge
|
8 |
syz |
|
|
5 |
3046d |
3044d
|
5/29 |
2993d |
b71812168571
netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
|
|
WARNING in xt_cluster_mt
netfilter
|
-1 |
C |
|
|
4 |
3049d |
3049d
|
5/29 |
3012d |
aebfa52a925d
netfilter: drop template ct when conntrack is skipped.
|
|
WARNING in __xlate_proc_name
netfilter
|
-1 |
C |
|
|
11 |
3044d |
3080d
|
4/29 |
3025d |
b1d0a5d0cba4
netfilter: x_tables: add and use xt_check_proc_name
|
|
BUG: unable to handle kernel paging request in ebt_among_mt_check (2)
netfilter
bridge
|
8 |
C |
|
|
946 |
3025d |
3041d
|
4/29 |
3025d |
c8d70a700a5b
netfilter: bridge: ebt_among: add more missing match size checks
|
|
WARNING in __proc_create
netfilter
|
-1 |
C |
|
|
12 |
3046d |
3039d
|
4/29 |
3025d |
b1d0a5d0cba4
netfilter: x_tables: add and use xt_check_proc_name
|
|
KASAN: slab-out-of-bounds Read in ip6_route_me_harder
netfilter
|
17 |
C |
|
|
66 |
3044d |
3052d
|
4/29 |
3043d |
7d98386d55a5
netfilter: use skb_to_full_sk in ip6_route_me_harder
|
|
BUG: unable to handle kernel paging request in ebt_among_mt_check
bridge
netfilter
|
8 |
C |
|
|
823 |
3043d |
3058d
|
4/29 |
3043d |
c4585a2823ed
netfilter: bridge: ebt_among: add missing match size checks
|
|
WARNING in compat_copy_entries
netfilter
bridge
|
-1 |
C |
|
|
434 |
3043d |
3058d
|
4/29 |
3043d |
b71812168571
netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
|
|
KASAN: use-after-free Read in ip6_route_me_harder
netfilter
|
19 |
C |
|
|
44 |
3044d |
3052d
|
4/29 |
3043d |
7d98386d55a5
netfilter: use skb_to_full_sk in ip6_route_me_harder
|
|
KASAN: use-after-free Write in nf_nat_ipv6_manip_pkt
netfilter
|
22 |
C |
|
|
2 |
3059d |
3058d
|
4/29 |
3043d |
b078556aecd7
netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
|
|
WARNING in __queue_work
netfilter
|
-1 |
C |
|
|
1 |
3060d |
3060d
|
4/29 |
3050d |
cfc2c7405333
netfilter: IDLETIMER: be syzkaller friendly
|
|
general protection fault in ip6t_do_table
netfilter
|
2 |
C |
|
|
8077 |
3054d |
3080d
|
4/29 |
3050d |
57ebd808a97d
netfilter: add back stackpointer size checks
|
|
kernel BUG at kernel/time/timer.c:LINE!
netfilter
|
-1 |
C |
|
|
18 |
3053d |
3065d
|
4/29 |
3050d |
10414014bc08
netfilter: x_tables: fix missing timer initialization in xt_LED
|
|
WARNING: bad unlock balance in hashlimit_mt_common
netfilter
|
4 |
C |
|
|
2059 |
3053d |
3066d
|
4/29 |
3050d |
de526f401284
netfilter: xt_hashlimit: fix lock imbalance
|
|
WARNING: proc registration bug in clusterip_tg_check
netfilter
|
-1 |
C |
|
|
779 |
3053d |
3071d
|
4/29 |
3050d |
b3e456fce9f5
netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation
|
|
WARNING: ODEBUG bug in led_tg_destroy
netfilter
|
-1 |
C |
|
|
4 |
3056d |
3064d
|
4/29 |
3050d |
10414014bc08
netfilter: x_tables: fix missing timer initialization in xt_LED
|
|
divide error in nf_nat_l4proto_unique_tuple
netfilter
|
2 |
C |
|
|
2 |
3065d |
3065d
|
4/29 |
3050d |
db57ccf0f2f4
netfilter: nat: cope with negative port range
|
|
WARNING: ODEBUG bug in __queue_work
netfilter
|
-1 |
C |
|
|
2 |
3060d |
3056d
|
4/29 |
3050d |
cfc2c7405333
netfilter: IDLETIMER: be syzkaller friendly
|
|
general protection fault in arpt_do_table
netfilter
|
2 |
C |
|
|
3 |
3055d |
3055d
|
4/29 |
3050d |
57ebd808a97d
netfilter: add back stackpointer size checks
|
|
KASAN: use-after-free Write in xt_rateest_tg_checkentry
netfilter
|
22 |
C |
|
|
2 |
3077d |
3079d
|
4/29 |
3065d |
7dc68e98757a
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
|
|
general protection fault in cgroup_mt_destroy_v1
netfilter
|
2 |
C |
|
|
91 |
3067d |
3079d
|
4/29 |
3065d |
ba7cd5d95f25
netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
|
|
suspicious RCU usage at net/netfilter/ipset/ip_set_core.c:LINE
netfilter
|
-1 |
C |
|
|
38048 |
3097d |
3103d
|
4/29 |
3076d |
f998b6b10144
netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit()
|
|
general protection fault in get_info
netfilter
|
2 |
C |
|
|
760 |
3092d |
3095d
|
4/29 |
3076d |
e3eeacbac4ad
netfilter: x_tables: don't return garbage pointer on modprobe failure
|
|
general protection fault in nf_tables_dump_obj_done
netfilter
|
2 |
C |
|
|
976 |
3098d |
3104d
|
3/29 |
3089d |
8bea728dce89
netfilter: nf_tables: fix potential NULL-ptr deref in nf_tables_dump_obj_done()
|
|
kernel BUG at lib/string.c:LINE!
netfilter
|
-1 |
C |
|
|
73 |
3190d |
3206d
|
3/29 |
3176d |
e466af75c074
netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user
|