APPLIED: [SRU][N][PATCH 0/1] CVE-2024-44987

Roxana Nicolescu roxana.nicolescu at canonical.com
Mon Oct 7 07:32:59 UTC 2024


On 25/09/2024 03:38, Koichiro Den wrote:
> [Impact]
>
> ipv6: prevent UAF in ip6_send_skb()
>
> syzbot reported an UAF in ip6_send_skb() [1]
>
> After ip6_local_out() has returned, we no longer can safely
> dereference rt, unless we hold rcu_read_lock().
>
> A similar issue has been fixed in commit
> a688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()")
>
> Another potential issue in ip6_finish_output2() is handled in a
> separate patch.
>
> [1] See the original commit message:
>      faa389b2fbaa ("ipv6: prevent UAF in ip6_send_skb()")
>
> [Fix]
>
> Noble:  Clean cherry-pick
> Jammy:  fixed via stable
> Focal:  fixed via stable
> Bionic: fix sent to esm ML
> Xenial: fix sent to esm ML
> Trusty: not affected
>
> [Test Case]
>
> Compile and boot tested
>
> [Where problems could occur]
>
> This fix addresses an issue in the ipv6 stack. Without the fix, users could
> potentially encounter unpredicted system behavior or a system crash.
>
>
> Eric Dumazet (1):
>    ipv6: prevent UAF in ip6_send_skb()
>
>   net/ipv6/ip6_output.c | 2 ++
>   1 file changed, 2 insertions(+)
>
Applied to noble:linux master-next branch. Thanks!


