Description
In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). get_netdev_for_sock() is called during setsockopt(), so not under RCU. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the only ->ndo_sk_get_lower_dev() user is bond_sk_get_lower_dev(), which uses RCU.
Product status
e8f69799810c32dd40c6724d829eccc70baad07f (git) before e37ca0092ddace60833790b4ad7a390408fb1be9
e8f69799810c32dd40c6724d829eccc70baad07f (git) before 13159c7125636371543a82cb7bbae00ab36730cc
e8f69799810c32dd40c6724d829eccc70baad07f (git) before f09cd209359a23f88d4f3fa3d2379d057027e53c
e8f69799810c32dd40c6724d829eccc70baad07f (git) before feb474ddbf26b51f462ae2e60a12013bdcfc5407
e8f69799810c32dd40c6724d829eccc70baad07f (git) before c65f27b9c3be2269918e1cbad6d8884741f835c5
4.18
Any version before 4.18
6.1.161 (semver)
6.6.121 (semver)
6.12.66 (semver)
6.17.3 (semver)
6.18 (original_commit_for_fix)
References
git.kernel.org/...c/e37ca0092ddace60833790b4ad7a390408fb1be9
git.kernel.org/...c/13159c7125636371543a82cb7bbae00ab36730cc
git.kernel.org/...c/f09cd209359a23f88d4f3fa3d2379d057027e53c
git.kernel.org/...c/feb474ddbf26b51f462ae2e60a12013bdcfc5407
git.kernel.org/...c/c65f27b9c3be2269918e1cbad6d8884741f835c5