APPLIED: [SRU][F][PATCH 0/1] CVE-2024-26641

[Stefan Bader]

On 24.09.24 14:24, Massimiliano Pellizzer wrote:
> [Impact]
> 
> Ensure that the pskb_inet_may_pull() functions is called to properly
> pull the packet data into memory before accessing it. Additionally, the
> ipv6h variable, which holds the reference to the inner IPV6 header, is
> initialized after this function call to prevent it from pointing to
> incorrect memory.
> 
> [Fix]
> 
> Noble:  Fixed
> Jammy:  Fixed
> Focal:  Backported the fix commit from linux-5.10.y
> Bionic: Sent to ESM ML
> Xenial: Not affected
> 
> [Test Case]
> 
> Compile and boot tested.
> 
> [Where problems could occur]
> 
> The fix for CVE-2024-26641 affects the IPV6 tunnelling subsystem.
> An issue with this fix may lead to kernel crashes, particularly during
> the reception and processing of IPV6-encapsulated packets. Users may
> also notice unexpected behavior, such as packet loss or the mishandling
> of fragmented packets, due to improper memory handling during
> decapsulation.
> 
> Eric Dumazet (1):
>    ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
> 
>   net/ipv6/ip6_tunnel.c | 21 ++++++++++++++++++---
>   1 file changed, 18 insertions(+), 3 deletions(-)
> 

Applied to focal:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 48643 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240926/9fe85fe9/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240926/9fe85fe9/attachment-0001.sig>