ACK: [SRU][F/J/L][PATCH 0/1] CVE-2023-42754
Tim Gardner
tim.gardner at canonical.com
Thu Oct 19 12:50:47 UTC 2023
On 10/18/23 4:49 PM, Yuxuan Luo wrote:
> [Impact]
> A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack.
> The socket buffer (skb) was assumed to be associated with a device before
> calling __ip_options_compile, which is not always the case if the skb is
> re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN
> privileges to crash the system.
>
> [Backport]
> It's a clean backport.
>
> [Test]
> Tested against [the poc](https://vuldb.com/?exploit_url.241116) with
> privilege since the exploit requires it.
>
> [Potential Regression]
> Expect very low regression potential.
>
>
> Kyle Zeng (1):
> ipv4: fix null-deref in ipv4_link_failure
>
> net/ipv4/route.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
For Mantic too
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list