ACK: [SRU][F][PATCH 0/1] CVE-2024-26641
Roxana Nicolescu
roxana.nicolescu at canonical.com
Thu Sep 26 07:30:55 UTC 2024
On 24/09/2024 14:24, Massimiliano Pellizzer wrote:
> [Impact]
>
> Ensure that the pskb_inet_may_pull() functions is called to properly
> pull the packet data into memory before accessing it. Additionally, the
> ipv6h variable, which holds the reference to the inner IPV6 header, is
> initialized after this function call to prevent it from pointing to
> incorrect memory.
>
> [Fix]
>
> Noble: Fixed
> Jammy: Fixed
> Focal: Backported the fix commit from linux-5.10.y
> Bionic: Sent to ESM ML
> Xenial: Not affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> The fix for CVE-2024-26641 affects the IPV6 tunnelling subsystem.
> An issue with this fix may lead to kernel crashes, particularly during
> the reception and processing of IPV6-encapsulated packets. Users may
> also notice unexpected behavior, such as packet loss or the mishandling
> of fragmented packets, due to improper memory handling during
> decapsulation.
>
> Eric Dumazet (1):
> ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
>
> net/ipv6/ip6_tunnel.c | 21 ++++++++++++++++++---
> 1 file changed, 18 insertions(+), 3 deletions(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>
More information about the kernel-team
mailing list