[PATCH 0/1][SRU][E] IPv6 DoS (LP: #1847478)
Tyler Hicks
tyhicks at canonical.com
Wed Oct 9 17:59:29 UTC 2019
BugLink: https://launchpad.net/bugs/1847478
[Impact]
An unprivileged local attacker could cause a denial of service, or
possibly execute arbitrary code due to an ipv6 regression.
[Test Case]
An unpatched system will crash with the following command:
$ unshare -rUn sh -c 'ip link add dummy1 type dummy && ip link set
dummy1 up && ip -6 route add default dev dummy1 && ip -6 rule add table
main suppress_prefixlength 0 && ping -f 1234::1'
[Regression Potential]
Low. The change could theoretically introduce a memory leak but that
would still be an improvement over immediate loss of system
availability.
Clean cherry pick. Build logs are clean. I've successfully tested with
the one-liner in the [Test Case]. I did not run the newly added net
selftest since it is the same as the one-liner.
Tyler
Jason A. Donenfeld (1):
ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule
net/ipv6/fib6_rules.c | 3 ++-
tools/testing/selftests/net/fib_tests.sh | 17 ++++++++++++++++-
2 files changed, 18 insertions(+), 2 deletions(-)
--
2.17.1
More information about the kernel-team
mailing list