[SRU][N][PATCH 0/1] CVE-2024-44987
Koichiro Den
koichiro.den at canonical.com
Wed Sep 25 01:38:50 UTC 2024

[Impact]

ipv6: prevent UAF in ip6_send_skb()

syzbot reported an UAF in ip6_send_skb() [1]

After ip6_local_out() has returned, we no longer can safely
dereference rt, unless we hold rcu_read_lock().

A similar issue has been fixed in commit
a688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()")

Another potential issue in ip6_finish_output2() is handled in a
separate patch.

[1] See the original commit message:
faa389b2fbaa ("ipv6: prevent UAF in ip6_send_skb()")

[Fix]

Noble: Clean cherry-pick
Jammy: fixed via stable
Focal: fixed via stable
Bionic: fix sent to esm ML
Xenial: fix sent to esm ML
Trusty: not affected

[Test Case]

Compile and boot tested

[Where problems could occur]

This fix addresses an issue in the ipv6 stack. Without the fix, users could
potentially encounter unpredicted system behavior or a system crash.

Eric Dumazet (1):
  ipv6: prevent UAF in ip6_send_skb()

 net/ipv6/ip6_output.c | 2 ++
 1 file changed, 2 insertions(+)

--
2.43.0