Message-ID: <2024061922-CVE-2024-38612-7fc1@gregkh>
Date: Wed, 19 Jun 2024 15:56:25 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-38612: ipv6: sr: fix invalid unregister error path

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

ipv6: sr: fix invalid unregister error path

The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL
is not defined. In that case if seg6_hmac_init() fails, the
genl_unregister_family() isn't called.

This issue exists since commit 46738b1317e1 ("ipv6: sr: add option to control
lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible
use-after-free and null-ptr-deref") replaced unregister_pernet_subsys()
with genl_unregister_family() in this error path.

The Linux kernel CVE team has assigned CVE-2024-38612 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.10 with commit 46738b1317e1 and fixed in 4.19.316 with commit 10610575a3ac
	Issue introduced in 4.10 with commit 46738b1317e1 and fixed in 5.4.278 with commit 646cd236c55e
	Issue introduced in 4.10 with commit 46738b1317e1 and fixed in 5.10.219 with commit 00e6335329f2
	Issue introduced in 4.10 with commit 46738b1317e1 and fixed in 5.15.161 with commit 1a63730fb315
	Issue introduced in 4.10 with commit 46738b1317e1 and fixed in 6.1.93 with commit e77a3ec7ada8
	Issue introduced in 4.10 with commit 46738b1317e1 and fixed in 6.6.33 with commit 3398a40dccb8
	Issue introduced in 4.10 with commit 46738b1317e1 and fixed in 6.8.12 with commit 85a70ff1e572
	Issue introduced in 4.10 with commit 46738b1317e1 and fixed in 6.9.3 with commit c04d6a914e89
	Issue introduced in 4.10 with commit 46738b1317e1 and fixed in 6.10-rc1 with commit 160e9d275218

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-38612
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/ipv6/seg6.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/10610575a3ac2a702bf5c57aa931beaf847949c7
	https://git.kernel.org/stable/c/646cd236c55e2cb5f146fc41bbe4034c4af5b2a4
	https://git.kernel.org/stable/c/00e6335329f23ac6cf3105931691674e28bc598c
	https://git.kernel.org/stable/c/1a63730fb315bb1bab97edd69ff58ad45e04bb01
	https://git.kernel.org/stable/c/e77a3ec7ada84543e75722a1283785a6544de925
	https://git.kernel.org/stable/c/3398a40dccb88d3a7eef378247a023a78472db66
	https://git.kernel.org/stable/c/85a70ff1e572160f1eeb096ed48d09a1c9d4d89a
	https://git.kernel.org/stable/c/c04d6a914e890ccea4a9d11233009a2ee7978bf4
	https://git.kernel.org/stable/c/160e9d2752181fcf18c662e74022d77d3164cd45
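
The error-path mistake from the Description, as an added user-space C model (not the kernel's net/ipv6/seg6.c and not code from this announcement). A runtime flag stands in for CONFIG_IPV6_SEG6_LWTUNNEL; the struct, the function names and the -12 (-ENOMEM) failure value are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
/* User-space model of the init/unwind ladder; every name is hypothetical. */
struct model {
    bool lwtunnel;   /* stands in for CONFIG_IPV6_SEG6_LWTUNNEL */
    bool hmac_fails; /* forces the seg6_hmac_init() stand-in to fail */
    bool genl_live;  /* true while the genl family stand-in is registered */
    bool lwt_live;   /* true while the optional lwtunnel stand-in is set up */
};

static int setup(struct model *m)
{
    m->genl_live = true;            /* genl_register_family() stand-in */
    m->lwt_live = m->lwtunnel;      /* optional step */
    return m->hmac_fails ? -12 : 0; /* HMAC step, failing with -ENOMEM */
}

/* Before: genl cleanup sits in the optional region, skipped when it is off. */
static int init_buggy(struct model *m)
{
    int err = setup(m);
    if (err && m->lwtunnel) {
        m->lwt_live = false;
        m->genl_live = false;       /* genl_unregister_family() stand-in */
    }
    return err;
}

/* After: only the lwtunnel teardown is conditional. */
static int init_fixed(struct model *m)
{
    int err = setup(m);
    if (err && m->lwtunnel)
        m->lwt_live = false;
    if (err)
        m->genl_live = false;       /* reached in every configuration */
    return err;
}

/* True if a failed init left the genl family stand-in registered. */
static bool leaks(int (*init)(struct model *), bool lwtunnel)
{
    struct model m = { .lwtunnel = lwtunnel, .hmac_fails = true };
    return init(&m) != 0 && m.genl_live;
}
int main(void)
{
    printf("lwtunnel off: buggy leak=%d, fixed leak=%d\n",
           leaks(init_buggy, false), leaks(init_fixed, false));
    return 0;
}
```

Exercising a failing init under every option combination, as `leaks()` does here, is what catches a cleanup step that is only reachable in some configurations.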
