|
memory leak in sctp_packet_transmit
sctp
|
C |
|
|
14 |
146d |
1363d
|
26/26 |
20d |
4e45170d9acc
net: sctp: fix skb leak in sctp_inq_free()
|
|
KCSAN: data-race in sctp_poll / sctp_wfree (3)
sctp
|
|
|
|
1 |
232d |
231d
|
23/26 |
186d |
dc9511dd6f37
sctp: annotate data-races around sk->sk_wmem_queued
|
|
general protection fault in sctp_outq_tail
sctp
|
C |
error |
|
5 |
378d |
390d
|
22/26 |
312d |
2584024b2355
sctp: check send stream number after wait_for_sndbuf
|
|
memory leak in sctp_sched_prio_set
sctp
|
C |
|
|
2 |
509d |
515d
|
22/26 |
416d |
9ed7bfc79542
sctp: fix memory leak in sctp_stream_outq_migrate()
|
|
KASAN: use-after-free Write in sctp_auth_shkey_hold (2)
sctp
|
C |
inconclusive |
|
7 |
568d |
567d
|
22/26 |
416d |
022152aaebe1
sctp: handle the error returned from sctp_auth_asoc_init_active_key
|
|
kernel panic: stack is corrupted in __kmalloc
sctp
integrity
lsm
|
|
|
|
4 |
422d |
675d
|
22/26 |
416d |
b81d591386c3
riscv: Increase stack size under KASAN
|
|
general protection fault in sctp_rcv
sctp
|
|
|
|
2 |
935d |
938d
|
20/26 |
769d |
f7e745f8e944
sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
|
|
KASAN: use-after-free Read in __lock_sock
sctp
|
syz |
done |
error |
26 |
1161d |
1977d
|
20/26 |
769d |
5ec7d18d1813
sctp: use call_rcu to free endpoint
|
|
KASAN: use-after-free Read in sctp_do_8_2_transport_strike
sctp
|
|
|
|
1 |
1092d |
1092d
|
20/26 |
888d |
35b4f24415c8
sctp: do asoc update earlier in sctp_sf_do_dupcook_a
|
|
KASAN: use-after-free Write in sctp_auth_shkey_hold
sctp
|
C |
done |
|
4 |
1001d |
1009d
|
20/26 |
888d |
58acd1009226
sctp: update active_key for asoc when old key is being replaced
|
|
possible deadlock in sctp_addr_wq_timeout_handler
sctp
|
C |
done |
|
8 |
1081d |
1081d
|
20/26 |
888d |
01bfe5e8e428
Revert "net/sctp: fix race condition in sctp_destroy_sock"
|
|
KASAN: use-after-free Read in sctp_auth_free
sctp
|
C |
done |
|
4 |
1285d |
1286d
|
15/26 |
1246d |
d42ee76ecb6c
net-backports: sctp: fix sctp_auth_init_hmacs() error path
|
|
KASAN: slab-out-of-bounds Write in sctp_setsockopt
sctp
|
C |
error |
|
590 |
1358d |
1363d
|
15/26 |
1307d |
dfd3d5266dc1
sctp: fix slab-out-of-bounds in SCTP_DELAYED_SACK processing
|
|
KASAN: wild-memory-access Read in sctp_setsockopt
sctp
|
C |
|
|
2 |
1341d |
1341d
|
15/26 |
1307d |
519a8a6cf91d
net: Revert "net: optimize the sockptr_t for unified kernel/user address spaces"
|
|
WARNING: refcount bug in sctp_wfree
sctp
|
C |
done |
|
20 |
1477d |
1498d
|
15/26 |
1437d |
5c3e82fe1596
sctp: fix refcount bug in sctp_wfree
|
|
memory leak in _sctp_make_chunk
sctp
|
C |
|
|
1 |
1582d |
1582d
|
15/26 |
1518d |
be7a77292077
sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
|
|
memory leak in sctp_stream_init
sctp
|
C |
|
|
1 |
1584d |
1583d
|
15/26 |
1523d |
951c6db954a1
sctp: fix memleak on err handling of stream initialization
|
|
general protection fault in sctp_stream_free (2)
sctp
|
C |
done |
|
25 |
1568d |
1579d
|
15/26 |
1523d |
61d5d4062876
sctp: fix err handling of stream initialization
|
|
KCSAN: data-race in sctp_assoc_migrate / sctp_hash_obj
sctp
|
|
|
|
12 |
1594d |
1621d
|
15/26 |
1586d |
312434617cb1
sctp: cache netns in sctp_ep_common
|
|
memory leak in sctp_get_port_local (3)
sctp
|
C |
|
|
4 |
1640d |
1646d
|
13/26 |
1624d |
63dfb7938b13
sctp: change sctp_prot .no_autobind with true
|
|
memory leak in sctp_stream_init_ext
sctp
|
C |
|
|
34 |
1646d |
1781d
|
13/26 |
1631d |
3c52b0af059e
lib/generic-radix-tree.c: add kmemleak annotations
|
|
kernel BUG at include/linux/skbuff.h:LINE! (2)
sctp
|
C |
done |
|
58 |
1694d |
1704d
|
13/26 |
1644d |
c7a42eb49212
net: ipv6: fix listify ip6_rcv_finish in case of forwarding
|
|
KASAN: slab-out-of-bounds Read in sctp_inq_pop
sctp
|
|
|
|
1 |
1697d |
1694d
|
13/26 |
1644d |
c7a42eb49212
net: ipv6: fix listify ip6_rcv_finish in case of forwarding
|
|
general protection fault in sctp_inq_pop
sctp
|
|
|
|
4 |
1695d |
1698d
|
13/26 |
1644d |
c7a42eb49212
net: ipv6: fix listify ip6_rcv_finish in case of forwarding
|
|
memory leak in sctp_get_port_local (2)
sctp
|
C |
|
|
34 |
1654d |
1712d
|
13/26 |
1651d |
29b99f54a8e6
sctp: destroy bucket if failed to bind addr
|
|
memory leak in sctp_send_reset_streams
sctp
|
C |
|
|
7 |
1705d |
1781d
|
13/26 |
1655d |
6d5afe20397b
sctp: fix memleak in sctp_send_reset_streams
|
|
memory leak in sctp_get_port_local
sctp
|
C |
|
|
28 |
1717d |
1784d
|
12/26 |
1715d |
9b6c08878e23
sctp: not bind the socket in sctp_connect
|
|
general protection fault in sctp_sched_prio_sched
sctp
|
C |
done |
|
3 |
1752d |
1766d
|
12/26 |
1715d |
4d1415811e49
sctp: fix error handling on stream scheduler initialization
|
|
memory leak in sctp_v6_create_accept_sk
sctp
|
C |
|
|
1 |
1780d |
1779d
|
12/26 |
1722d |
25bff6d5478b
sctp: change to hold sk after auth shkey is created successfully
|
|
memory leak in sctp_v4_create_accept_sk
sctp
|
C |
|
|
1 |
1759d |
1758d
|
12/26 |
1722d |
25bff6d5478b
sctp: change to hold sk after auth shkey is created successfully
|
|
memory leak in sctp_process_init
sctp
|
C |
|
|
10 |
1765d |
1785d
|
12/26 |
1741d |
0a8dd9f67cd0
Fix memory leak in sctp_process_init
ce950f1050ce
sctp: Free cookie before we memdup a new one
|
|
general protection fault in sctp_sched_dequeue_common (2)
sctp
|
C |
done |
|
3 |
1859d |
1859d
|
12/26 |
1758d |
2e990dfd1397
sctp: remove sched init from sctp_stream_init
|
|
KMSAN: kernel-infoleak in sctp_getsockopt (3)
sctp
|
syz |
|
|
11 |
1833d |
1845d
|
12/26 |
1831d |
09279e615c81
sctp: initialize _pad of sockaddr_in before copying to user memory
|
|
general protection fault in sctp_assoc_rwnd_increase
sctp
|
C |
done |
|
28 |
1846d |
1861d
|
12/26 |
1832d |
636d25d557d1
sctp: not copy sctp_sock pd_lobby in sctp_copy_descendant
|
|
general protection fault in sctp_sched_rr_dequeue
sctp
|
C |
done |
|
11 |
1858d |
1868d
|
11/26 |
1845d |
2e990dfd1397
sctp: remove sched init from sctp_stream_init
|
|
KASAN: use-after-free Read in sctp_outq_tail
sctp
|
|
|
|
1 |
1890d |
1889d
|
11/26 |
1868d |
af98c5a78517
sctp: set stream ext to NULL after freeing it in sctp_stream_outq_migrate
|
|
KASAN: invalid-free in sctp_stream_free
sctp
|
C |
|
|
5 |
1890d |
1897d
|
11/26 |
1868d |
af98c5a78517
sctp: set stream ext to NULL after freeing it in sctp_stream_outq_migrate
|
|
general protection fault in sctp_sched_dequeue_common
sctp
|
|
|
|
6 |
1883d |
1973d
|
11/26 |
1868d |
cfe4bd7a257f
sctp: check and update stream->out_curr when allocating stream_out
|
|
KMSAN: kernel-infoleak in sctp_getsockopt (2)
sctp
|
C |
|
|
16 |
1868d |
1918d
|
11/26 |
1868d |
400b8b9a2a17
sctp: allocate sctp_sockaddr_entry with kzalloc
|
|
KMSAN: kernel-infoleak in sctp_getsockopt
sctp
|
syz |
|
|
147 |
1922d |
1958d
|
11/26 |
1922d |
4a2eb0c37b47
sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
|
|
KASAN: use-after-free Read in sctp_hash_transport
sctp
|
|
|
|
1 |
1976d |
1975d
|
11/26 |
1945d |
fb6df5a6234c
sctp: kfree_rcu asoc
|
|
KASAN: use-after-free Read in sctp_epaddr_lookup_transport
sctp
|
syz |
|
|
5 |
1976d |
1977d
|
11/26 |
1945d |
fb6df5a6234c
sctp: kfree_rcu asoc
|
|
KASAN: slab-out-of-bounds Read in sctp_getsockopt
sctp
|
C |
|
|
9 |
1999d |
1998d
|
11/26 |
1981d |
713358369382
sctp: check policy more carefully when getting pr status
|
|
KASAN: use-after-free Read in sctp_outq_select_transport
sctp
|
|
|
|
1 |
2002d |
2002d
|
11/26 |
1981d |
df132eff4638
sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer
|
|
KASAN: use-after-free Read in sctp_id2assoc
sctp
|
|
|
|
1 |
2021d |
2021d
|
11/26 |
1995d |
b336decab221
sctp: fix race on sctp_id2asoc
|
|
KASAN: use-after-free Read in sctp_transport_get_next
sctp
|
C |
|
|
6 |
2059d |
2062d
|
10/26 |
2044d |
bab1be79a516
sctp: hold transport before accessing its asoc in sctp_transport_get_next
|
|
WARNING in sctp_assoc_update_frag_point
sctp
|
|
|
|
5 |
2099d |
2121d
|
8/26 |
2078d |
a65925475571
sctp: fix the issue that pathmtu may be set lower than MINSEGMENT
|
|
INFO: rcu detected stall in kmem_cache_alloc_node_trace
sctp
|
|
|
|
1 |
2195d |
2177d
|
8/26 |
2107d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
|
INFO: rcu detected stall in sctp_packet_transmit
sctp
|
|
|
|
1 |
2162d |
2162d
|
8/26 |
2107d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
|
INFO: rcu detected stall in sctp_chunk_put
sctp
|
|
|
|
1 |
2146d |
2146d
|
8/26 |
2107d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
|
INFO: rcu detected stall in sctp_generate_heartbeat_event
sctp
|
|
|
|
2 |
2160d |
2170d
|
8/26 |
2107d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
|
INFO: rcu detected stall in save_stack_trace
sctp
|
C |
|
|
1 |
2158d |
2156d
|
8/26 |
2107d |
1d88ba1ebb27
sctp: not allow transport timeout value less than HZ/5 for hb_timer
|
|
KASAN: use-after-free Read in sctp_do_sm
sctp
|
|
|
|
2 |
2169d |
2169d
|
5/26 |
2161d |
6910e25de225
sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg
|
|
KMSAN: uninit-value in __sctp_v6_cmp_addr
sctp
|
C |
|
|
1109 |
2162d |
2162d
|
5/26 |
2161d |
d625329b06e4
sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
|
|
KASAN: slab-out-of-bounds Read in __sctp_v6_cmp_addr
sctp
|
C |
|
|
3202 |
2173d |
2185d
|
5/26 |
2162d |
d625329b06e4
sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
|
|
BUG: corrupted list in sctp_association_free
sctp
|
|
|
|
1 |
2230d |
2226d
|
5/26 |
2169d |
d98985dd6c2d
sctp: fix error return code in sctp_sendmsg_new_asoc()
|
|
KMSAN: uninit-value in sctp_sendmsg
sctp
|
syz |
|
|
27 |
2170d |
2199d
|
5/26 |
2169d |
81e98370293a
sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
|
|
KASAN: use-after-free Read in sctp_association_free (2)
sctp
|
C |
|
|
2 |
2229d |
2229d
|
5/26 |
2169d |
0aee4c259849
sctp: Fix double free in sctp_sendmsg_to_asoc
|
|
KMSAN: uninit-value in sctp_do_bind
sctp
|
C |
|
|
31 |
2170d |
2200d
|
5/26 |
2169d |
81e98370293a
sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
|
|
WARNING in refcount_sub_and_test
sctp
|
C |
|
|
75150 |
2264d |
2365d
|
4/26 |
2227d |
d04adf1b3551
sctp: reset owner sk for data chunks on out queues when migrating a sock
|
|
KASAN: slab-out-of-bounds Read in sctp_send_reset_streams
sctp
|
C |
|
|
73 |
2308d |
2320d
|
4/26 |
2266d |
2342b8d95bca
sctp: make sure stream nums can match optlen in sctp_setsockopt_reset_streams
|
|
KASAN: use-after-free Read in sctp_association_free
sctp
|
C |
|
|
20 |
2342d |
2357d
|
4/26 |
2266d |
ca3af4dd28cf
sctp: do not free asoc when it is already dead in sctp_sendmsg
|
|
BUG: unable to handle kernel NULL pointer dereference in sctp_stream_free
sctp
|
|
|
|
2 |
2310d |
2308d
|
4/26 |
2267d |
79d0895140e9
sctp: fix error path in sctp_stream_init
|
|
general protection fault in sctp_stream_free
sctp
|
|
|
|
17 |
2313d |
2354d
|
4/26 |
2267d |
79d0895140e9
sctp: fix error path in sctp_stream_init
|
|
general protection fault in skb_segment
sctp
|
C |
|
|
7 |
2289d |
2299d
|
4/26 |
2269d |
121d57af308d
gso: validate gso_type in GSO handlers
|
|
general protection fault in sctp_v6_get_dst
sctp
|
C |
|
|
6 |
2287d |
2287d
|
4/26 |
2275d |
c5006b8aa745
sctp: do not allow the v4 socket to bind a v4mapped v6 address
|
|
WARNING: held lock freed!
sctp
|
C |
|
|
497 |
2279d |
2290d
|
4/26 |
2275d |
a0ff660058b8
sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
|
|
kernel BUG at net/core/skbuff.c:LINE!
sctp
|
|
|
|
5 |
2365d |
2436d
|
3/26 |
2363d |
c780a049f9bf
ipv4: better IP_MAX_MTU enforcement
|