Description
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the socket is close()d, and then clip_push() frees clip_vcc. However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in atm_init_atmarp(), resulting in memory leak. Let's serialise two ioctl() by lock_sock() and check vcc->push() in atm_init_atmarp() to prevent memleak.
Product status
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 2fb37ab3226606cbfc9b2b6f9e301b0b735734c5
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 9e4dbeee56f614e3f1e166e5d0655a999ea185ef
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 1c075e88d5859a2c6b43b27e0e46fb281cef8039
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 0c17ff462d98c997d707ee5cf4e4a9b1b52b9d90
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 1fb9fb5a4b5cec2d56e26525ef8c519de858fa60
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 9f771816f14da6d6157a8c30069091abf6b566fb
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before cb2e4a2f8f268d8fba6662f663a2e57846f14a8d
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 62dba28275a9a3104d4e33595c7b3328d4032d8d
2.6.12
Any version before 2.6.12
5.4.296
5.10.240
5.15.189
6.1.146
6.6.99
6.12.39
6.15.7
6.16
References
git.kernel.org/...c/2fb37ab3226606cbfc9b2b6f9e301b0b735734c5
git.kernel.org/...c/9e4dbeee56f614e3f1e166e5d0655a999ea185ef
git.kernel.org/...c/1c075e88d5859a2c6b43b27e0e46fb281cef8039
git.kernel.org/...c/0c17ff462d98c997d707ee5cf4e4a9b1b52b9d90
git.kernel.org/...c/1fb9fb5a4b5cec2d56e26525ef8c519de858fa60
git.kernel.org/...c/9f771816f14da6d6157a8c30069091abf6b566fb
git.kernel.org/...c/cb2e4a2f8f268d8fba6662f663a2e57846f14a8d
git.kernel.org/...c/62dba28275a9a3104d4e33595c7b3328d4032d8d
