Description
In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmp_pointers Extended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply type. That value is outside the range covered by icmp_pointers[], which only describes the traditional ICMP types up to NR_ICMP_TYPES. Avoid consulting icmp_pointers[] for reply types outside that range, and use array_index_nospec() for the remaining in-range lookup. Normal ICMP replies keep their existing behavior unchanged.
Product status
d329ea5bd8845f0b196bf41b18b6173340d6e0e4 (git) before b3a88fc5ae024d43c5ecf653f3bbe837e4a6dc99
d329ea5bd8845f0b196bf41b18b6173340d6e0e4 (git) before 93df2af4f491de33827550b9d420f01808c0706b
d329ea5bd8845f0b196bf41b18b6173340d6e0e4 (git) before 92e7c209036dcc0e8ffdf806fdfd3645b263bea5
d329ea5bd8845f0b196bf41b18b6173340d6e0e4 (git) before bc64a66e0b9ad937d3d49934242ee62b01ba9a94
d329ea5bd8845f0b196bf41b18b6173340d6e0e4 (git) before c2178ff1c70ebfc2ab9651b230c58a34683db759
d329ea5bd8845f0b196bf41b18b6173340d6e0e4 (git) before d700c34a5d186b9ba0715bcb19e0ff80ffbfbfc1
d329ea5bd8845f0b196bf41b18b6173340d6e0e4 (git) before 67bf002a2d7387a6312138210d0bd06e3cf4879b
5.13
Any version before 5.13
5.15.209 (semver)
6.1.175 (semver)
6.6.140 (semver)
6.12.86 (semver)
6.18.27 (semver)
7.0.4 (semver)
7.1-rc1 (original_commit_for_fix)
References
git.kernel.org/...c/b3a88fc5ae024d43c5ecf653f3bbe837e4a6dc99
git.kernel.org/...c/93df2af4f491de33827550b9d420f01808c0706b
git.kernel.org/...c/92e7c209036dcc0e8ffdf806fdfd3645b263bea5
git.kernel.org/...c/bc64a66e0b9ad937d3d49934242ee62b01ba9a94
git.kernel.org/...c/c2178ff1c70ebfc2ab9651b230c58a34683db759
git.kernel.org/...c/d700c34a5d186b9ba0715bcb19e0ff80ffbfbfc1
git.kernel.org/...c/67bf002a2d7387a6312138210d0bd06e3cf4879b