[SRU][F/J/L][PATCH 0/1] CVE-2023-42754
Yuxuan Luo
yuxuan.luo at canonical.com
Wed Oct 18 22:49:12 UTC 2023
[Impact]
A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack.
The socket buffer (skb) was assumed to be associated with a device before
calling __ip_options_compile, which is not always the case if the skb is
re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN
privileges to crash the system.
[Backport]
It's a clean backport.
[Test]
Tested against [the poc](https://vuldb.com/?exploit_url.241116) with
privilege since the exploit requires it.
[Potential Regression]
Expect very low regression potential.
Kyle Zeng (1):
ipv4: fix null-deref in ipv4_link_failure
net/ipv4/route.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--
2.34.1
More information about the kernel-team
mailing list