[SRU][F][PATCH 0/1] CVE-2024-26641

Massimiliano Pellizzer massimiliano.pellizzer at canonical.com
Tue Sep 24 12:24:27 UTC 2024


[Impact]

Ensure that the pskb_inet_may_pull() function is called to properly
pull the packet data into memory before accessing it. Additionally, the
ipv6h variable, which holds the reference to the inner IPV6 header, is
initialized after this function call to prevent it from pointing to
incorrect memory.

[Fix]

Noble:  Fixed
Jammy:  Fixed
Focal:  Backported the fix commit from linux-5.10.y
Bionic: Sent to ESM ML
Xenial: Not affected

[Test Case]

Compile and boot tested.

[Where problems could occur]

The fix for CVE-2024-26641 affects the IPV6 tunnelling subsystem.
An issue with this fix may lead to kernel crashes, particularly during
the reception and processing of IPV6-encapsulated packets. Users may
also notice unexpected behavior, such as packet loss or the mishandling
of fragmented packets, due to improper memory handling during
decapsulation.

Eric Dumazet (1):
  ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()

 net/ipv6/ip6_tunnel.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

-- 
2.43.0
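
The ordering described under [Impact] (pull first, derive the header pointer afterwards), as an added userspace C model that is not part of the original message or of the kernel patch. `toy_pkt`, `toy_pkt_new`, `toy_may_pull` and `toy_hdr_version` are hypothetical names, and the packet bytes are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model: some bytes in a linear head, the rest in a fragment. */
struct toy_pkt { uint8_t *head; size_t head_len; uint8_t *frag; size_t frag_len; };
/* Build a packet from constructed bytes (requires 0 < linear < total). */
static struct toy_pkt toy_pkt_new(const uint8_t *data, size_t total, size_t linear)
{
    struct toy_pkt p = { malloc(linear), linear, malloc(total - linear), total - linear };
    memcpy(p.head, data, linear);
    memcpy(p.frag, data + linear, total - linear);
    return p;
}

/* Make the first len bytes linear. This may replace p->head, so pointers
 * derived from the old head are invalid afterwards. Returns 0 if too short. */
static int toy_may_pull(struct toy_pkt *p, size_t len)
{
    if (len <= p->head_len) return 1;                /* already linear */
    if (len > p->head_len + p->frag_len) return 0;   /* truncated packet */
    size_t need = len - p->head_len;
    uint8_t *nh = malloc(len);
    if (!nh) return 0;
    memcpy(nh, p->head, p->head_len);
    memcpy(nh + p->head_len, p->frag, need);
    free(p->head);
    p->head = nh; p->head_len = len;
    memmove(p->frag, p->frag + need, p->frag_len - need);
    p->frag_len -= need;
    return 1;
}

/* Return the IP version nibble of the header at hdr_off, or -1 to drop.
 * The pointer is assigned only after the pull succeeded. */
static int toy_hdr_version(struct toy_pkt *p, size_t hdr_off, size_t hdr_len)
{
    const uint8_t *hdr;                      /* not initialised before the pull */
    if (!toy_may_pull(p, hdr_off + hdr_len)) return -1;
    hdr = p->head + hdr_off;                 /* derived from the current head */
    return hdr[0] >> 4;
}

int main(void)
{
    uint8_t d[80] = { [40] = 0x60 };         /* constructed sample bytes */
    struct toy_pkt p = toy_pkt_new(d, 80, 44);
    return toy_hdr_version(&p, 40, 40) == 6 ? 0 : 1;
}
```

In this model the pull always allocates a new head, so a pointer taken before the call would refer to freed memory; carrying an offset across the call and rebuilding the pointer afterwards avoids that.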



