HomeDefault status
unaffected
8df40d1033d64597dcf1efd4f7547e817f7a953b (git) before 222cc04356984f3f98acfa756a69d4bed7c501ac
affected
8df40d1033d64597dcf1efd4f7547e817f7a953b (git) before 4eed93bb3e57b8cc78d17166a14e40a73276015a
affected
8df40d1033d64597dcf1efd4f7547e817f7a953b (git) before 207501a986831174df09a36a8cb62a28f92f0dc8
affected
8df40d1033d64597dcf1efd4f7547e817f7a953b (git) before cb34b7cf17ecf33499c9298943f85af247abc1e9
affected
Default status
affected
2.6.37
affected
Any version before 2.6.37
unaffected
5.15.86 (semver)
unaffected
6.0.16 (semver)
unaffected
6.1.2 (semver)
unaffected
6.2 (original_commit_for_fix)
unaffected
Description
In the Linux kernel, the following vulnerability has been resolved: ipv6/sit: use DEV_STATS_INC() to avoid data-races syzbot/KCSAN reported that multiple cpus are updating dev->stats.tx_error concurrently. This is because sit tunnels are NETIF_F_LLTX, meaning their ndo_start_xmit() is not protected by a spinlock. While original KCSAN report was about tx path, rx path has the same issue.
Product status
8df40d1033d64597dcf1efd4f7547e817f7a953b (git) before 222cc04356984f3f98acfa756a69d4bed7c501ac
8df40d1033d64597dcf1efd4f7547e817f7a953b (git) before 4eed93bb3e57b8cc78d17166a14e40a73276015a
8df40d1033d64597dcf1efd4f7547e817f7a953b (git) before 207501a986831174df09a36a8cb62a28f92f0dc8
8df40d1033d64597dcf1efd4f7547e817f7a953b (git) before cb34b7cf17ecf33499c9298943f85af247abc1e9
2.6.37
Any version before 2.6.37
5.15.86 (semver)
6.0.16 (semver)
6.1.2 (semver)
6.2 (original_commit_for_fix)
References
git.kernel.org/...c/222cc04356984f3f98acfa756a69d4bed7c501ac
git.kernel.org/...c/4eed93bb3e57b8cc78d17166a14e40a73276015a
git.kernel.org/...c/207501a986831174df09a36a8cb62a28f92f0dc8
git.kernel.org/...c/cb34b7cf17ecf33499c9298943f85af247abc1e9