[PATCH 0/1][SRU][E] IPv6 DoS (LP: #1847478)

Sultan Alsawaf sultan.alsawaf at canonical.com
Wed Oct 9 18:21:18 UTC 2019


Acked-by: Sultan Alsawaf <sultan.alsawaf at canonical.com>

On Wed, Oct 9, 2019, 11:00 AM Tyler Hicks <tyhicks at canonical.com> wrote:

> BugLink: https://launchpad.net/bugs/1847478
>
> [Impact]
>
> An unprivileged local attacker could cause a denial of service, or
> possibly execute arbitrary code due to an ipv6 regression.
>
> [Test Case]
>
> An unpatched system will crash with the following command:
>
> $ unshare -rUn sh -c 'ip link add dummy1 type dummy && ip link set
> dummy1 up && ip -6 route add default dev dummy1 && ip -6 rule add table
> main suppress_prefixlength 0 && ping -f 1234::1'
>
> [Regression Potential]
>
> Low. The change could theoretically introduce a memory leak but that
> would still be an improvement over immediate loss of system
> availability.
>
>
> Clean cherry pick. Build logs are clean. I've successfully tested with
> the one-liner in the [Test Case]. I did not run the newly added net
> selftest since it is the same as the one-liner.
>
> Tyler
>
> Jason A. Donenfeld (1):
>   ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule
>
>  net/ipv6/fib6_rules.c                    |  3 ++-
>  tools/testing/selftests/net/fib_tests.sh | 17 ++++++++++++++++-
>  2 files changed, 18 insertions(+), 2 deletions(-)
>
> --
> 2.17.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20191009/058522ae/attachment.html>


More information about the kernel-team mailing list