Description
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace period starts. This allows macvlan_forward_source() to skip over entries queued for freeing. Note that macvlan_dev are already RCU protected, as they are embedded in a standard netdev (netdev_priv(ndev)). https: //lore.kernel.org/netdev/695fb1e8.050a0220.1c677c.039f.GAE@google.com/T/#u
Product status
79cf79abce71eb7dbc40e2f3121048ca5405cb47 (git) before 8133e85b8a3ec9f10d861e0002ec6037256e987e
79cf79abce71eb7dbc40e2f3121048ca5405cb47 (git) before 484919832e2db6ce1e8add92c469e5d459a516b5
79cf79abce71eb7dbc40e2f3121048ca5405cb47 (git) before 232afc74a6dde0fe1830988e5827921f5ec9bb3f
79cf79abce71eb7dbc40e2f3121048ca5405cb47 (git) before 15f6faf36e162532bec5cc05eb3fc622108bf2ed
79cf79abce71eb7dbc40e2f3121048ca5405cb47 (git) before 8518712a2ca952d6da2238c6f0a16b4ae5ea3f13
79cf79abce71eb7dbc40e2f3121048ca5405cb47 (git) before 6dbead9c7677186f22b7981dd085a0feec1f038e
79cf79abce71eb7dbc40e2f3121048ca5405cb47 (git) before 7470a7a63dc162f07c26dbf960e41ee1e248d80e
3.18
Any version before 3.18
5.10.249 (semver)
5.15.199 (semver)
6.1.162 (semver)
6.6.122 (semver)
6.12.67 (semver)
6.18.7 (semver)
6.19 (original_commit_for_fix)
References
git.kernel.org/...c/8133e85b8a3ec9f10d861e0002ec6037256e987e
git.kernel.org/...c/484919832e2db6ce1e8add92c469e5d459a516b5
git.kernel.org/...c/232afc74a6dde0fe1830988e5827921f5ec9bb3f
git.kernel.org/...c/15f6faf36e162532bec5cc05eb3fc622108bf2ed
git.kernel.org/...c/8518712a2ca952d6da2238c6f0a16b4ae5ea3f13
git.kernel.org/...c/6dbead9c7677186f22b7981dd085a0feec1f038e
git.kernel.org/...c/7470a7a63dc162f07c26dbf960e41ee1e248d80e