Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:ax25: properly unshare skbs in ax25_kiss_rcv()Bernard Pidoux reported a regression apparently caused by commitc353e8983e0d ("net: introduce per netns packet chains").skb->dev becomes NULL and we crash in __netif_receive_skb_core().Before above commit, different kind of bugs or corruptions could happenwithout a major crash.But the root cause is that ax25_kiss_rcv() can queue/mangle input skbwithout checking if this skb is shared or not.Many thanks to Bernard Pidoux for his help, diagnosis and tests.We had a similar issue years ago fixed with commit 7aaed57c5c28("phonet: properly unshare skbs in phonet_rcv()").
No PoCs from references.
- https://github.com/w4zu/Debian_security