CVE-2024-44985: ipv6: prevent possible UAF in ip6_xmit()
requested to merge redhat/red-hat-ci-tools/kernel/bot-branches/centos-stream-9:backport-RHEL-57255-centos-stream-9-main into main
JIRA: https://issues.redhat.com/browse/RHEL-57255
CVE: CVE-2024-44985
ipv6: prevent possible UAF in ip6_xmit()
If skb_expand_head() returns NULL, skb has been freed
and the associated dst/idev could also have been freed.
We must use rcu_read_lock() to prevent a possible UAF.
Fixes: 0c9f227bee11 ("ipv6: use skb_expand_head in ip6_xmit")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Vasily Averin <vasily.averin@linux.dev>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20240820160859.3786976-4-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 2d5ff7e339d04622d8282661df36151906d0e1c7)Signed-off-by: CKI Backport Bot cki-ci-bot+cki-gitlab-backport-bot@redhat.com
Created 2024-09-20 02:49 UTC by backporter - KWF FAQ - Slack #team-kernel-workflow - Source - Documentation - Report an issue