net-shapers: don't free reply skb after genlmsg_reply()
Platform
linux
Component
linux
Fixed in
57885276cc16a2e2b76282c808a4e84cbecb3aae
In the Linux kernel, the following vulnerability has been resolved:
net-shapers: don't free reply skb after genlmsg_reply()
genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() consumes it on all return paths, whether the skb is queued successfully or freed on an error path.
net_shaper_nl_get_doit() and net_shaper_nl_cap_get_doit() currently jump to free_msg after genlmsg_reply() fails and call nlmsg_free(msg), which can hit the same skb twice.
Return the genlmsg_reply() error directly and keep free_msg only for pre-reply failures.
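The ownership rule described above, modelled in userspace as an added example (not code from the kernel or from the fix commit). `skb_model`, the `*_model` functions and `doit_before()`/`doit_after()` are hypothetical stand-ins, and a counter replaces the real free so the double release can be observed safely.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model; all names here are hypothetical, not kernel APIs. */
struct skb_model { int frees; int queued; };
static void nlmsg_free_model(struct skb_model *msg) { msg->frees++; }

/* Models genlmsg_reply(): the skb is consumed on every return path. */
static int genlmsg_reply_model(struct skb_model *msg, int deliver_err)
{
	if (deliver_err) {
		nlmsg_free_model(msg);	/* error path frees the skb itself */
		return deliver_err;
	}
	msg->queued = 1;		/* success: receiver now owns the skb */
	return 0;
}

/* Pre-fix shape: a failed reply jumps to free_msg and frees msg again. */
static int doit_before(struct skb_model *msg, int pre_err, int reply_err)
{
	int ret = pre_err;		/* models a pre-reply failure */
	if (ret)
		goto free_msg;
	ret = genlmsg_reply_model(msg, reply_err);
	if (ret)
		goto free_msg;		/* bug: msg was already consumed */
	return 0;
free_msg:
	nlmsg_free_model(msg);
	return ret;
}

/* Post-fix shape: return the reply error directly. */
static int doit_after(struct skb_model *msg, int pre_err, int reply_err)
{
	if (pre_err) {			/* free_msg kept for pre-reply failures */
		nlmsg_free_model(msg);
		return pre_err;
	}
	return genlmsg_reply_model(msg, reply_err);
}

int main(void)
{
	struct skb_model a = {0, 0}, b = {0, 0};
	doit_before(&a, 0, -ECONNREFUSED);
	doit_after(&b, 0, -ECONNREFUSED);
	printf("frees before fix: %d, after fix: %d\n", a.frees, b.frees);
}
```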
Affected Software
Timeline
- Reserved
- Published
How to fix
Apply the kernel update to the fixed version (6.13 or later) to avoid premature freeing of SKB memory. See the kernel release notes for update instructions specific to your Linux distribution.