ACK: [SRU][N][PATCH 0/1] CVE-2024-56600
Koichiro Den
koichiro.den at canonical.com
Wed Feb 19 01:59:40 UTC 2025
On Sat, Feb 15, 2025 at 03:45:27PM GMT, Massimiliano Pellizzer wrote:
> [Impact]
>
> net: inet6: do not leave a dangling sk pointer in inet6_create()
>
> sock_init_data() attaches the allocated sk pointer to the provided sock
> object. If inet6_create() fails later, the sk object is released, but the
> sock object retains the dangling sk pointer, which may cause use-after-free
> later.
>
> Clear the sock sk pointer on error.
>
> [Fix]
>
> Oracular: Fixed via upstream stable updates (LP: #2096827)
> Noble: Clean cherry pick from mainline
> Jammy: Fixed via upstream stable updates (LP: #2095283)
> Focal: Fixed via upstream stable updates (LP: #2095145)
>
> [Test]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> The fix affects the IPv6 socket subsystem. An issue with this fix may
> lead to incorrect handling of socket initialization failures. A user
> might experience problems such as unexpected crashes when creating IPv6
> sockets, lingering socket structures that are not properly released, or
> failures to bind to IPv6 addresses.
>
>
>
> Ignat Korchagin (1):
> net: inet6: do not leave a dangling sk pointer in inet6_create()
>
> net/ipv6/af_inet6.c | 22 ++++++++++------------
> 1 file changed, 10 insertions(+), 12 deletions(-)
>
Acked-by: Koichiro Den <koichiro.den at canonical.com>
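
The failure mode described in the quoted [Impact] text, as an added userspace C model that is not part of this thread and is not the kernel patch. All `model_*` names are hypothetical stand-ins, and a static object with an `alive` flag replaces real allocation so the released object can be inspected safely.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-ins (hypothetical) for struct sock / struct socket. */
struct model_sk { int alive; };
struct model_socket { struct model_sk *sk; };

/* Static storage, so a released sk can be inspected without real UB. */
static struct model_sk sk_pool;

static struct model_sk *model_sk_alloc(void) { sk_pool.alive = 1; return &sk_pool; }
static void model_sk_release(struct model_sk *sk) { sk->alive = 0; }

/* Plays the role of sock_init_data(): attach sk to the sock object. */
static void model_init_data(struct model_socket *sock, struct model_sk *sk)
{
    sock->sk = sk;
}

/* Create path: fail_late simulates a failure after the attach step.
 * clear_on_error = 0 models the old error path, 1 the fixed one. */
int model_create(struct model_socket *sock, int fail_late, int clear_on_error)
{
    struct model_sk *sk = model_sk_alloc();
    model_init_data(sock, sk);
    if (fail_late) {
        model_sk_release(sk);      /* sk object is released ... */
        if (clear_on_error)
            sock->sk = NULL;       /* ... and the sock pointer is cleared */
        return -1;
    }
    return 0;
}

/* A later user of the sock object: returns 1 if it would touch a released sk. */
int model_later_use_is_uaf(int clear_on_error)
{
    struct model_socket sock = { NULL };
    if (model_create(&sock, 1, clear_on_error) == 0)
        return 0;
    return sock.sk != NULL && !sock.sk->alive;
}

int main(void)
{
    printf("old error path:   stale sk reachable = %d\n", model_later_use_is_uaf(0));
    printf("fixed error path: stale sk reachable = %d\n", model_later_use_is_uaf(1));
    return 0;
}
```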