| Message ID | 20240709010247.84658-1-vinicius.peixoto@canonical.com |
|---|---|
| Headers | show |
| Series | CVE-2024-36901 | expand |
On Mon, Jul 08, 2024 at 10:02:45PM -0300, Vinicius Peixoto wrote: > [Impact] > According to syzbot, there is a chance that ip6_dst_idev() > returns NULL in ip6_output(). Most places in IPv6 stack > deal with a NULL idev just fine, but not here. > > [Backport] > Due to the lack of upstream commit > 5e187189ec324f78035d33a4bc123a9c4ca6f3e3 ("net: ip: add skb drop reasons for ip egress path)" > Jammy, Focal, Bionic and Xenial had a context conflict. > Xenial is also missing 97a7a37a7b7b ("ipv6: Initial skb->dev and skb->protocol in ip6_output"). > However, none of those commits directly impact the fix or the issue, > so a manual backport is appropriate here. > > [Test] > Compile tested. > > [Where problems could occur] > Any issues here would directly impact IPv6 networking. > > Eric Dumazet (1): > ipv6: prevent NULL dereference in ip6_output() > > net/ipv6/ip6_output.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > -- > 2.43.0 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team We usually put the CVE number right before the final Signed-off-by: line in the commit message. Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
On Tue, Jul 9, 2024 at 9:03 AM Vinicius Peixoto <vinicius.peixoto@canonical.com> wrote: > > [Impact] > According to syzbot, there is a chance that ip6_dst_idev() > returns NULL in ip6_output(). Most places in IPv6 stack > deal with a NULL idev just fine, but not here. > > [Backport] > Due to the lack of upstream commit > 5e187189ec324f78035d33a4bc123a9c4ca6f3e3 ("net: ip: add skb drop reasons for ip egress path)" > Jammy, Focal, Bionic and Xenial had a context conflict. > Xenial is also missing 97a7a37a7b7b ("ipv6: Initial skb->dev and skb->protocol in ip6_output"). > However, none of those commits directly impact the fix or the issue, > so a manual backport is appropriate here. > > [Test] > Compile tested. > > [Where problems could occur] > Any issues here would directly impact IPv6 networking. > > Eric Dumazet (1): > ipv6: prevent NULL dereference in ip6_output() > > net/ipv6/ip6_output.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > -- > 2.43.0 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team Acked-by: Chris Chiu <chris.chiu@canonical.com>
Hi Chris, Just a small remainder to replace the `RE:` by `ACK:` in the Subject of your mail. Thanks, On 09-07-2024 17:57, Chris Chiu wrote: > On Tue, Jul 9, 2024 at 9:03 AM Vinicius Peixoto > <vinicius.peixoto@canonical.com> wrote: >> >> [Impact] >> According to syzbot, there is a chance that ip6_dst_idev() >> returns NULL in ip6_output(). Most places in IPv6 stack >> deal with a NULL idev just fine, but not here. >> >> [Backport] >> Due to the lack of upstream commit >> 5e187189ec324f78035d33a4bc123a9c4ca6f3e3 ("net: ip: add skb drop reasons for ip egress path)" >> Jammy, Focal, Bionic and Xenial had a context conflict. >> Xenial is also missing 97a7a37a7b7b ("ipv6: Initial skb->dev and skb->protocol in ip6_output"). >> However, none of those commits directly impact the fix or the issue, >> so a manual backport is appropriate here. >> >> [Test] >> Compile tested. >> >> [Where problems could occur] >> Any issues here would directly impact IPv6 networking. >> >> Eric Dumazet (1): >> ipv6: prevent NULL dereference in ip6_output() >> >> net/ipv6/ip6_output.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> -- >> 2.43.0 >> >> >> -- >> kernel-team mailing list >> kernel-team@lists.ubuntu.com >> https://lists.ubuntu.com/mailman/listinfo/kernel-team > > Acked-by: Chris Chiu <chris.chiu@canonical.com> >
[Impact] According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. [Backport] Due to the lack of upstream commit 5e187189ec324f78035d33a4bc123a9c4ca6f3e3 ("net: ip: add skb drop reasons for ip egress path)" Jammy, Focal, Bionic and Xenial had a context conflict. Xenial is also missing 97a7a37a7b7b ("ipv6: Initial skb->dev and skb->protocol in ip6_output"). However, none of those commits directly impact the fix or the issue, so a manual backport is appropriate here. [Test] Compile tested. [Where problems could occur] Any issues here would directly impact IPv6 networking. Eric Dumazet (1): ipv6: prevent NULL dereference in ip6_output() net/ipv6/ip6_output.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)