ACK: [SRU][F][PATCH 0/1] CVE-2024-26641
Koichiro Den
koichiro.den at canonical.com
Wed Sep 25 00:38:53 UTC 2024
Acked-by: Koichiro Den <koichiro.den at canonical.com>
On Tue, Sep 24, 2024 at 02:24:27PM +0200, Massimiliano Pellizzer wrote:
> [Impact]
>
> Ensure that the pskb_inet_may_pull() functions is called to properly
> pull the packet data into memory before accessing it. Additionally, the
> ipv6h variable, which holds the reference to the inner IPV6 header, is
> initialized after this function call to prevent it from pointing to
> incorrect memory.
>
> [Fix]
>
> Noble: Fixed
> Jammy: Fixed
> Focal: Backported the fix commit from linux-5.10.y
> Bionic: Sent to ESM ML
> Xenial: Not affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> The fix for CVE-2024-26641 affects the IPV6 tunnelling subsystem.
> An issue with this fix may lead to kernel crashes, particularly during
> the reception and processing of IPV6-encapsulated packets. Users may
> also notice unexpected behavior, such as packet loss or the mishandling
> of fragmented packets, due to improper memory handling during
> decapsulation.
>
> Eric Dumazet (1):
> ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
>
> net/ipv6/ip6_tunnel.c | 21 ++++++++++++++++++---
> 1 file changed, 18 insertions(+), 3 deletions(-)
>
> --
> 2.43.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list