|
KMSAN: uninit-value in sctp_sf_ootb
sctp
|
C |
|
|
18 |
106d |
174d
|
28/28 |
67d |
0ead60804b64
sctp: properly validate chunk size in sctp_sf_ootb()
|
|
general protection fault in sctp_inet_listen
sctp
|
|
|
|
1 |
156d |
142d
|
28/28 |
96d |
8beee4d8dee7
sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
|
|
memory leak in sctp_packet_transmit
sctp
|
C |
|
|
14 |
453d |
1670d
|
25/28 |
327d |
4e45170d9acc
net: sctp: fix skb leak in sctp_inq_free()
|
|
KCSAN: data-race in sctp_poll / sctp_wfree (3)
sctp
|
|
|
|
1 |
539d |
538d
|
23/28 |
493d |
dc9511dd6f37
sctp: annotate data-races around sk->sk_wmem_queued
|
|
general protection fault in sctp_outq_tail
sctp
|
C |
error |
|
5 |
685d |
697d
|
22/28 |
619d |
2584024b2355
sctp: check send stream number after wait_for_sndbuf
|
|
memory leak in sctp_sched_prio_set
sctp
|
C |
|
|
2 |
816d |
822d
|
22/28 |
723d |
9ed7bfc79542
sctp: fix memory leak in sctp_stream_outq_migrate()
|
|
KASAN: use-after-free Write in sctp_auth_shkey_hold (2)
sctp
|
C |
inconclusive |
|
7 |
875d |
874d
|
22/28 |
723d |
022152aaebe1
sctp: handle the error returned from sctp_auth_asoc_init_active_key
|
|
kernel panic: stack is corrupted in __kmalloc
sctp
integrity
lsm
|
|
|
|
4 |
728d |
982d
|
22/28 |
723d |
b81d591386c3
riscv: Increase stack size under KASAN
|
|
general protection fault in sctp_rcv
sctp
|
|
|
|
2 |
1242d |
1245d
|
20/28 |
1076d |
f7e745f8e944
sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
|
|
KASAN: use-after-free Read in __lock_sock
sctp
|
syz |
done |
error |
26 |
1468d |
2284d
|
20/28 |
1076d |
5ec7d18d1813
sctp: use call_rcu to free endpoint
|
|
KASAN: use-after-free Read in sctp_do_8_2_transport_strike
sctp
|
|
|
|
1 |
1399d |
1399d
|
20/28 |
1195d |
35b4f24415c8
sctp: do asoc update earlier in sctp_sf_do_dupcook_a
|
|
KASAN: use-after-free Write in sctp_auth_shkey_hold
sctp
|
C |
done |
|
4 |
1307d |
1316d
|
20/28 |
1195d |
58acd1009226
sctp: update active_key for asoc when old key is being replaced
|
|
possible deadlock in sctp_addr_wq_timeout_handler
sctp
|
C |
done |
|
8 |
1388d |
1388d
|
20/28 |
1195d |
01bfe5e8e428
Revert "net/sctp: fix race condition in sctp_destroy_sock"
|
|
KASAN: use-after-free Read in sctp_auth_free
sctp
|
C |
done |
|
4 |
1592d |
1593d
|
15/28 |
1553d |
d42ee76ecb6c
net-backports: sctp: fix sctp_auth_init_hmacs() error path
|
|
KASAN: slab-out-of-bounds Write in sctp_setsockopt
sctp
|
C |
error |
|
590 |
1665d |
1670d
|
15/28 |
1614d |
dfd3d5266dc1
sctp: fix slab-out-of-bounds in SCTP_DELAYED_SACK processing
|
|
KASAN: wild-memory-access Read in sctp_setsockopt
sctp
|
C |
|
|
2 |
1648d |
1648d
|
15/28 |
1614d |
519a8a6cf91d
net: Revert "net: optimize the sockptr_t for unified kernel/user address spaces"
|
|
WARNING: refcount bug in sctp_wfree
sctp
|
C |
done |
|
20 |
1784d |
1805d
|
15/28 |
1743d |
5c3e82fe1596
sctp: fix refcount bug in sctp_wfree
|
|
memory leak in _sctp_make_chunk
sctp
|
C |
|
|
1 |
1889d |
1889d
|
15/28 |
1825d |
be7a77292077
sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
|
|
memory leak in sctp_stream_init
sctp
|
C |
|
|
1 |
1891d |
1890d
|
15/28 |
1830d |
951c6db954a1
sctp: fix memleak on err handling of stream initialization
|
|
general protection fault in sctp_stream_free (2)
sctp
|
C |
done |
|
25 |
1875d |
1886d
|
15/28 |
1830d |
61d5d4062876
sctp: fix err handling of stream initialization
|
|
KCSAN: data-race in sctp_assoc_migrate / sctp_hash_obj
sctp
|
|
|
|
12 |
1901d |
1928d
|
15/28 |
1893d |
312434617cb1
sctp: cache netns in sctp_ep_common
|
|
memory leak in sctp_get_port_local (3)
sctp
|
C |
|
|
4 |
1947d |
1953d
|
13/28 |
1931d |
63dfb7938b13
sctp: change sctp_prot .no_autobind with true
|
|
memory leak in sctp_stream_init_ext
sctp
|
C |
|
|
34 |
1953d |
2088d
|
13/28 |
1938d |
3c52b0af059e
lib/generic-radix-tree.c: add kmemleak annotations
|
|
kernel BUG at include/linux/skbuff.h:LINE! (2)
sctp
|
C |
done |
|
58 |
2001d |
2011d
|
13/28 |
1951d |
c7a42eb49212
net: ipv6: fix listify ip6_rcv_finish in case of forwarding
|
|
KASAN: slab-out-of-bounds Read in sctp_inq_pop
sctp
|
|
|
|
1 |
2003d |
2001d
|
13/28 |
1951d |
c7a42eb49212
net: ipv6: fix listify ip6_rcv_finish in case of forwarding
|
|
general protection fault in sctp_inq_pop
sctp
|
|
|
|
4 |
2002d |
2005d
|
13/28 |
1951d |
c7a42eb49212
net: ipv6: fix listify ip6_rcv_finish in case of forwarding
|
|
memory leak in sctp_get_port_local (2)
sctp
|
C |
|
|
34 |
1961d |
2019d
|
13/28 |
1957d |
29b99f54a8e6
sctp: destroy bucket if failed to bind addr
|
|
memory leak in sctp_send_reset_streams
sctp
|
C |
|
|
7 |
2011d |
2088d
|
13/28 |
1962d |
6d5afe20397b
sctp: fix memleak in sctp_send_reset_streams
|
|
memory leak in sctp_get_port_local
sctp
|
C |
|
|
28 |
2024d |
2091d
|
12/28 |
2022d |
9b6c08878e23
sctp: not bind the socket in sctp_connect
|
|
general protection fault in sctp_sched_prio_sched
sctp
|
C |
done |
|
3 |
2059d |
2073d
|
12/28 |
2022d |
4d1415811e49
sctp: fix error handling on stream scheduler initialization
|
|
memory leak in sctp_v6_create_accept_sk
sctp
|
C |
|
|
1 |
2086d |
2086d
|
12/28 |
2029d |
25bff6d5478b
sctp: change to hold sk after auth shkey is created successfully
|
|
memory leak in sctp_v4_create_accept_sk
sctp
|
C |
|
|
1 |
2066d |
2065d
|
12/28 |
2029d |
25bff6d5478b
sctp: change to hold sk after auth shkey is created successfully
|
|
memory leak in sctp_process_init
sctp
|
C |
|
|
10 |
2072d |
2092d
|
12/28 |
2048d |
0a8dd9f67cd0
Fix memory leak in sctp_process_init
ce950f1050ce
sctp: Free cookie before we memdup a new one
|
|
general protection fault in sctp_sched_dequeue_common (2)
sctp
|
C |
done |
|
3 |
2166d |
2166d
|
12/28 |
2065d |
2e990dfd1397
sctp: remove sched init from sctp_stream_init
|
|
KMSAN: kernel-infoleak in sctp_getsockopt (3)
sctp
|
syz |
|
|
11 |
2140d |
2152d
|
12/28 |
2137d |
09279e615c81
sctp: initialize _pad of sockaddr_in before copying to user memory
|
|
general protection fault in sctp_assoc_rwnd_increase
sctp
|
C |
done |
|
28 |
2153d |
2168d
|
12/28 |
2139d |
636d25d557d1
sctp: not copy sctp_sock pd_lobby in sctp_copy_descendant
|
|
general protection fault in sctp_sched_rr_dequeue
sctp
|
C |
done |
|
11 |
2165d |
2175d
|
11/28 |
2152d |
2e990dfd1397
sctp: remove sched init from sctp_stream_init
|
|
KASAN: use-after-free Read in sctp_outq_tail
sctp
|
|
|
|
1 |
2197d |
2196d
|
11/28 |
2175d |
af98c5a78517
sctp: set stream ext to NULL after freeing it in sctp_stream_outq_migrate
|
|
KASAN: invalid-free in sctp_stream_free
sctp
|
C |
|
|
5 |
2197d |
2204d
|
11/28 |
2175d |
af98c5a78517
sctp: set stream ext to NULL after freeing it in sctp_stream_outq_migrate
|
|
general protection fault in sctp_sched_dequeue_common
sctp
|
|
|
|
6 |
2190d |
2280d
|
11/28 |
2175d |
cfe4bd7a257f
sctp: check and update stream->out_curr when allocating stream_out
|
|
KMSAN: kernel-infoleak in sctp_getsockopt (2)
sctp
|
C |
|
|
16 |
2175d |
2225d
|
11/28 |
2175d |
400b8b9a2a17
sctp: allocate sctp_sockaddr_entry with kzalloc
|
|
KMSAN: kernel-infoleak in sctp_getsockopt
sctp
|
syz |
|
|
147 |
2229d |
2265d
|
11/28 |
2229d |
4a2eb0c37b47
sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
|
|
KASAN: use-after-free Read in sctp_hash_transport
sctp
|
|
|
|
1 |
2283d |
2282d
|
11/28 |
2252d |
fb6df5a6234c
sctp: kfree_rcu asoc
|
|
KASAN: use-after-free Read in sctp_epaddr_lookup_transport
sctp
|
syz |
|
|
5 |
2283d |
2284d
|
11/28 |
2252d |
fb6df5a6234c
sctp: kfree_rcu asoc
|
|
KASAN: slab-out-of-bounds Read in sctp_getsockopt
sctp
|
C |
|
|
9 |
2306d |
2305d
|
11/28 |
2288d |
713358369382
sctp: check policy more carefully when getting pr status
|
|
KASAN: use-after-free Read in sctp_outq_select_transport
sctp
|
|
|
|
1 |
2309d |
2308d
|
11/28 |
2288d |
df132eff4638
sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer
|
|
KASAN: use-after-free Read in sctp_id2assoc
sctp
|
|
|
|
1 |
2328d |
2327d
|
11/28 |
2302d |
b336decab221
sctp: fix race on sctp_id2asoc
|
|
KASAN: use-after-free Read in sctp_transport_get_next
sctp
|
C |
|
|
6 |
2366d |
2369d
|
10/28 |
2351d |
bab1be79a516
sctp: hold transport before accessing its asoc in sctp_transport_get_next
|
|
WARNING in sctp_assoc_update_frag_point
sctp
|
|
|
|
5 |
2406d |
2428d
|
8/28 |
2385d |
a65925475571
sctp: fix the issue that pathmtu may be set lower than MINSEGMENT
|
|
INFO: rcu detected stall in kmem_cache_alloc_node_trace
sctp
|
|
|
|
1 |
2502d |
2484d
|
8/28 |
2414d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
|
INFO: rcu detected stall in sctp_packet_transmit
sctp
|
|
|
|
1 |
2469d |
2468d
|
8/28 |
2414d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
|
INFO: rcu detected stall in sctp_chunk_put
sctp
|
|
|
|
1 |
2453d |
2452d
|
8/28 |
2414d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
|
INFO: rcu detected stall in sctp_generate_heartbeat_event
sctp
|
|
|
|
2 |
2467d |
2477d
|
8/28 |
2414d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
|
INFO: rcu detected stall in save_stack_trace
sctp
|
C |
|
|
1 |
2465d |
2463d
|
8/28 |
2414d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
|
KASAN: use-after-free Read in sctp_do_sm
sctp
|
|
|
|
2 |
2476d |
2476d
|
5/28 |
2467d |
6910e25de225
sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg
|
|
KMSAN: uninit-value in __sctp_v6_cmp_addr
sctp
|
C |
|
|
1109 |
2468d |
2469d
|
5/28 |
2468d |
d625329b06e4
sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
|
|
KASAN: slab-out-of-bounds Read in __sctp_v6_cmp_addr
sctp
|
C |
|
|
3202 |
2480d |
2492d
|
5/28 |
2468d |
d625329b06e4
sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
|
|
KASAN: use-after-free Read in sctp_association_free (2)
sctp
|
C |
|
|
2 |
2536d |
2536d
|
5/28 |
2476d |
0aee4c259849
sctp: Fix double free in sctp_sendmsg_to_asoc
|
|
BUG: corrupted list in sctp_association_free
sctp
|
|
|
|
1 |
2537d |
2533d
|
5/28 |
2476d |
d98985dd6c2d
sctp: fix error return code in sctp_sendmsg_new_asoc()
|
|
KMSAN: uninit-value in sctp_sendmsg
sctp
|
syz |
|
|
27 |
2477d |
2506d
|
5/28 |
2476d |
81e98370293a
sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
|
|
KMSAN: uninit-value in sctp_do_bind
sctp
|
C |
|
|
31 |
2477d |
2506d
|
5/28 |
2476d |
81e98370293a
sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
|
|
WARNING in refcount_sub_and_test
sctp
|
C |
|
|
75150 |
2571d |
2672d
|
4/28 |
2533d |
d04adf1b3551
sctp: reset owner sk for data chunks on out queues when migrating a sock
|
|
KASAN: slab-out-of-bounds Read in sctp_send_reset_streams
sctp
|
C |
|
|
73 |
2615d |
2626d
|
4/28 |
2572d |
2342b8d95bca
sctp: make sure stream nums can match optlen in sctp_setsockopt_reset_streams
|
|
KASAN: use-after-free Read in sctp_association_free
sctp
|
C |
|
|
20 |
2649d |
2664d
|
4/28 |
2572d |
ca3af4dd28cf
sctp: do not free asoc when it is already dead in sctp_sendmsg
|
|
BUG: unable to handle kernel NULL pointer dereference in sctp_stream_free
sctp
|
|
|
|
2 |
2617d |
2615d
|
4/28 |
2574d |
79d0895140e9
sctp: fix error path in sctp_stream_init
|
|
general protection fault in sctp_stream_free
sctp
|
|
|
|
17 |
2620d |
2660d
|
4/28 |
2574d |
79d0895140e9
sctp: fix error path in sctp_stream_init
|
|
general protection fault in skb_segment
sctp
|
C |
|
|
7 |
2596d |
2606d
|
4/28 |
2576d |
121d57af308d
gso: validate gso_type in GSO handlers
|
|
general protection fault in sctp_v6_get_dst
sctp
|
C |
|
|
6 |
2594d |
2594d
|
4/28 |
2582d |
c5006b8aa745
sctp: do not allow the v4 socket to bind a v4mapped v6 address
|
|
WARNING: held lock freed!
sctp
|
C |
|
|
497 |
2586d |
2597d
|
4/28 |
2582d |
a0ff660058b8
sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
|
|
kernel BUG at net/core/skbuff.c:LINE!
sctp
|
|
|
|
5 |
2672d |
2743d
|
3/28 |
2669d |
c780a049f9bf
ipv4: better IP_MAX_MTU enforcement
|