In the Linux kernel, the following vulnerability has been resolved:

ipc: fix to protect IPCS lookups using RCU

syzbot reported that it discovered a use-after-free vulnerability, [0]

[0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/

idr_for_each() is protected by rwsem, but this is not enough. If it is not protected by an RCU read-critical region, when idr_for_each() calls radix_tree_node_free() through call_rcu() to free the radix_tree_node structure, the node will be freed immediately, and when reading the next node in radix_tree_for_each_slot(), the already freed memory may be read. Therefore, we need to add code to make sure that idr_for_each() is protected within the RCU read-critical region when we call it in shm_destroy_orphaned().
No PoCs from references.
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/w4zu/Debian_security