Description
In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skb_head leak in strp_abort_strp() When the stream parser is aborted, for example after a message assembly timeout, it can still hold a reference to a partially assembled message in strp->skb_head. That skb is not released in strp_abort_strp(), which leaks the partially assembled message and can be triggered repeatedly to exhaust memory. Fix this by freeing strp->skb_head and resetting the parser state in the abort path. Leave strp_stop() unchanged so final cleanup still happens in strp_done() after the work and timer have been synchronized.
Product status
43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a (git) before d6668ce0e78d23eabecef9a6bc4f0f739cb28ad3
43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a (git) before a470ed71c906cc8cbad0d74c9942216698911f8b
43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a (git) before c2e57695ec9ff9d42f23de70f3805199153d007b
43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a (git) before e9ae00490d474757c0f9c65073de83e6bb1e5a00
43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a (git) before 5327dad2ffe9c1b49881dd6d51ff3c6893847568
43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a (git) before 19ca9475f18f991735f98a22e735c43e95e6298d
43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a (git) before 56082f442023db9be1a5a29d4ee361de4017c0b7
43a0c6751a322847cb6fa0ab8cbf77a1d08bfc0a (git) before fe72340daaf1af588be88056faf98965f39e6032
4.9
Any version before 4.9
5.10.258 (semver)
5.15.209 (semver)
6.1.175 (semver)
6.6.140 (semver)
6.12.86 (semver)
6.18.27 (semver)
7.0.4 (semver)
7.1-rc1 (original_commit_for_fix)
References
git.kernel.org/...c/d6668ce0e78d23eabecef9a6bc4f0f739cb28ad3
git.kernel.org/...c/a470ed71c906cc8cbad0d74c9942216698911f8b
git.kernel.org/...c/c2e57695ec9ff9d42f23de70f3805199153d007b
git.kernel.org/...c/e9ae00490d474757c0f9c65073de83e6bb1e5a00
git.kernel.org/...c/5327dad2ffe9c1b49881dd6d51ff3c6893847568
git.kernel.org/...c/19ca9475f18f991735f98a22e735c43e95e6298d
git.kernel.org/...c/56082f442023db9be1a5a29d4ee361de4017c0b7
git.kernel.org/...c/fe72340daaf1af588be88056faf98965f39e6032