APPLIED: [PATCH 0/1][SRU][E] IPv6 DoS (LP: #1847478)
Kleber Souza
kleber.souza at canonical.com
Wed Oct 16 15:55:23 UTC 2019
On 09.10.19 19:59, Tyler Hicks wrote:
> BugLink: https://launchpad.net/bugs/1847478
>
> [Impact]
>
> An unprivileged local attacker could cause a denial of service, or
> possibly execute arbitrary code due to an ipv6 regression.
>
> [Test Case]
>
> An unpatched system will crash with the following command:
>
> $ unshare -rUn sh -c 'ip link add dummy1 type dummy && ip link set
> dummy1 up && ip -6 route add default dev dummy1 && ip -6 rule add table
> main suppress_prefixlength 0 && ping -f 1234::1'
>
> [Regression Potential]
>
> Low. The change could theoretically introduce a memory leak but that
> would still be an improvement over immediate loss of system
> availability.
>
>
> Clean cherry pick. Build logs are clean. I've successfully tested with
> the one-liner in the [Test Case]. I did not run the newly added net
> selftest since it is the same as the one-liner.
>
> Tyler
>
> Jason A. Donenfeld (1):
> ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule
>
> net/ipv6/fib6_rules.c | 3 ++-
> tools/testing/selftests/net/fib_tests.sh | 17 ++++++++++++++++-
> 2 files changed, 18 insertions(+), 2 deletions(-)
>
Applied to eoan/master-next branch.
Thanks,
Kleber
More information about the kernel-team
mailing list