Jakub Sitnicki

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The vulnerability is related to the Linux kernel's sockmap component, where a hard-coded assumption in the call-chain expects the egress socket to be a TCP socket. However, with the introduction of redirects to non-TCP sockets in commit 122e6c79efe1 for BPF sk skb programs, attempts to send-to-egress through a non-TCP socket can lead to a crash due to an invalid downcast from sock to tcp sock, resulting in a kernel NULL pointer dereference. When attempted, the user will receive an EACCES error from send/sendto/sendmsg() syscall. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved. The issue is related to the protection check for psock vs ULP. The `inet csk has ulp(sk)` check was moved from `sk psock init()` to the new `tcp bpf update proto()` function, potentially allowing the creation of psocks for non-inet sockets. However, the destruction path for psock includes the ULP unwind, requiring the `sk psock init()` to fail if ULP is already present. Otherwise, it may result in the ULP looping its callbacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.