HomeDefault status
unaffected
27069e7cb3d1cea9377069266acf19b9cc5ad0ae (git) before ad16235c9d3ef7ec17c109ff39b7504f49d17072
affected
27069e7cb3d1cea9377069266acf19b9cc5ad0ae (git) before cc976ec9e38bb79409de3261ba1dbb6868e2a53e
affected
27069e7cb3d1cea9377069266acf19b9cc5ad0ae (git) before 893c49a78d9f85e4b8081b908fb7c407d018106a
affected
Default status
affected
6.12
affected
Any version before 6.12
unaffected
6.12.55 (semver)
unaffected
6.17.3 (semver)
unaffected
6.18 (original_commit_for_fix)
unaffected
Description
In the Linux kernel, the following vulnerability has been resolved: mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). mptcp_active_enable() is called from subflow_finish_connect(), which is icsk->icsk_af_ops->sk_rx_dst_set() and it's not always under RCU. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu().
Product status
27069e7cb3d1cea9377069266acf19b9cc5ad0ae (git) before ad16235c9d3ef7ec17c109ff39b7504f49d17072
27069e7cb3d1cea9377069266acf19b9cc5ad0ae (git) before cc976ec9e38bb79409de3261ba1dbb6868e2a53e
27069e7cb3d1cea9377069266acf19b9cc5ad0ae (git) before 893c49a78d9f85e4b8081b908fb7c407d018106a
6.12
Any version before 6.12
6.12.55 (semver)
6.17.3 (semver)
6.18 (original_commit_for_fix)
References
git.kernel.org/...c/ad16235c9d3ef7ec17c109ff39b7504f49d17072
git.kernel.org/...c/cc976ec9e38bb79409de3261ba1dbb6868e2a53e
git.kernel.org/...c/893c49a78d9f85e4b8081b908fb7c407d018106a
