Description
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock() to make sure the dst and associated idev are alive.
Product status
5796015fa968a3349027a27dcd04c71d95c53ba5 (git) before e891b36de161fcd96f12ff83667473e5067b9037
5796015fa968a3349027a27dcd04c71d95c53ba5 (git) before 3574d28caf9a09756ae87ad1ea096c6f47b6101e
5796015fa968a3349027a27dcd04c71d95c53ba5 (git) before 6ab6bf731354a6fdbaa617d1ec194960db61cf3b
5796015fa968a3349027a27dcd04c71d95c53ba5 (git) before 56efc253196751ece1fc535a5b582be127b0578a
5796015fa968a3349027a27dcd04c71d95c53ba5 (git) before da273b377ae0d9bd255281ed3c2adb228321687b
ded37d03440d0ab346a8287cc2ba88b8dc90ceb0 (git)
2323690eb05865a657709f4d28eb9538ea97bfc2 (git)
b34c668a867ffdcf8bd8db4a36512572e82b4a15 (git)
5.14
Any version before 5.14
5.15.166 (semver)
6.1.107 (semver)
6.6.48 (semver)
6.10.7 (semver)
6.11 (original_commit_for_fix)
References
git.kernel.org/...c/e891b36de161fcd96f12ff83667473e5067b9037
git.kernel.org/...c/3574d28caf9a09756ae87ad1ea096c6f47b6101e
git.kernel.org/...c/6ab6bf731354a6fdbaa617d1ec194960db61cf3b
git.kernel.org/...c/56efc253196751ece1fc535a5b582be127b0578a
git.kernel.org/...c/da273b377ae0d9bd255281ed3c2adb228321687b
