ipv4: fix null-deref in ipv4_link_failure (!3240) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Felix Maurer requested to merge fmaurer-rh/centos-stream-9:RHEL-5426 into main Oct 19, 2023

JIRA: https://issues.redhat.com/browse/RHEL-5426
CVE: CVE-2023-42754

Currently, we assume the skb is associated with a device before calling  
__ip_options_compile, which is not always the case if it is re-routed by  
ipvs.  
When skb->dev is NULL, dev_net(skb->dev) will become null-dereference.  
This patch adds a check for the edge case and switch to use the net_device  
from the rtable when skb->dev is NULL.

Signed-off-by: Felix Maurer fmaurer@redhat.com

Edited Oct 20, 2023 by Felix Maurer

ipv4: fix null-deref in ipv4_link_failure

Merge request reports