net: bridge: fix vlan tunnel dst null pointer dereference
Description
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: fix vlan tunnel dst null pointer dereference
This patch fixes a tunnel_dst null pointer dereference due to lockless access in the tunnel egress path. When deleting a vlan tunnel the tunnel_dst pointer is set to NULL without waiting a grace period (i.e. while it's still usable) and packets egressing are dereferencing it without checking. Use READ/WRITE_ONCE to annotate the lockless use of tunnel_id, use RCU for accessing tunnel_dst and make sure it is read only once and checked in the egress path. The dst is already properly RCU protected so we don't need to do anything fancy than to make sure tunnel_id and tunnel_dst are read only once and checked in the egress path.
Affected products
9- osv-coords8 versionspkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_65&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 4.12.14-122.247.1+ 7 more
- (no CPE)range: < 4.12.14-122.247.1
- (no CPE)range: < 4.12.14-122.247.1
- (no CPE)range: < 4.12.14-122.247.1
- (no CPE)range: < 4.12.14-122.247.1
- (no CPE)range: < 4.12.14-122.247.1
- (no CPE)range: < 4.12.14-122.247.1
- (no CPE)range: < 4.12.14-122.247.1
- (no CPE)range: < 1-8.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- git.kernel.org/stable/c/24a6e55f17aa123bc1fc54b7d3c410b41bc16530mitre
- git.kernel.org/stable/c/58e2071742e38f29f051b709a5cca014ba51166fmitre
- git.kernel.org/stable/c/a2241e62f6b4a774d8a92048fdf59c45f6c2fe5cmitre
- git.kernel.org/stable/c/abb02e05cb1c0a30dd873a29f33bc092067dc35dmitre
- git.kernel.org/stable/c/ad7feefe7164892db424c45687472db803d87f79mitre
- git.kernel.org/stable/c/fe0448a3fad365a747283a00a1d1ad5e8d6675b7mitre
News mentions
0No linked articles in our index yet.