In the Linux kernel, the following vulnerability has been resolved:
gro: fix ownership transfer
If packets are GROed with fraglist they might be segmented later on and continue their journey in the stack. In skb_segment_list those skbs can be reused as-is. This is an issue as their destructor was removed in skb_gro_receive_list but not the reference to their socket, and then they cant be orphaned. Fix this by also removing the reference to the socket.
For example this could be observed,
kernel BUG at include/linux/skbuff.h:3131! (skb_orphan) RIP: 0010:ip6_rcv_core+0x11bc/0x19a0 Call Trace: ipv6_list_rcv+0x250/0x3f0 __netif_receive_skb_list_core+0x49d/0x8f0 netif_receive_skb_list_internal+0x634/0xd40 napi_complete_done+0x1d2/0x7d0 gro_cell_poll+0x118/0x1f0
A similar construction is found in skb_gro_receive, apply the same change there.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat Enterprise Linux 8 | RedHat | kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10 | * |
Red Hat Enterprise Linux 8 | RedHat | kernel-0:4.18.0-553.8.1.el8_10 | * |
Red Hat Enterprise Linux 9 | RedHat | kernel-0:5.14.0-427.18.1.el9_4 | * |
Red Hat Enterprise Linux 9 | RedHat | kernel-0:5.14.0-427.18.1.el9_4 | * |
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | kernel-0:5.14.0-70.105.1.el9_0 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | kernel-0:5.14.0-284.62.1.el9_2 | * |
Linux | Ubuntu | jammy | * |
Linux | Ubuntu | mantic | * |
Linux | Ubuntu | noble | * |
Linux | Ubuntu | upstream | * |
Linux-allwinner-5.19 | Ubuntu | jammy | * |
Linux-allwinner-5.19 | Ubuntu | upstream | * |
Linux-aws | Ubuntu | jammy | * |
Linux-aws | Ubuntu | mantic | * |
Linux-aws | Ubuntu | noble | * |
Linux-aws | Ubuntu | upstream | * |
Linux-aws-5.0 | Ubuntu | bionic | * |
Linux-aws-5.0 | Ubuntu | esm-infra/bionic | * |
Linux-aws-5.0 | Ubuntu | upstream | * |
Linux-aws-5.11 | Ubuntu | focal | * |
Linux-aws-5.11 | Ubuntu | upstream | * |
Linux-aws-5.13 | Ubuntu | focal | * |
Linux-aws-5.13 | Ubuntu | upstream | * |
Linux-aws-5.15 | Ubuntu | focal | * |
Linux-aws-5.15 | Ubuntu | upstream | * |
Linux-aws-5.19 | Ubuntu | jammy | * |
Linux-aws-5.19 | Ubuntu | upstream | * |
Linux-aws-5.3 | Ubuntu | bionic | * |
Linux-aws-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-aws-5.3 | Ubuntu | upstream | * |
Linux-aws-5.4 | Ubuntu | upstream | * |
Linux-aws-5.8 | Ubuntu | focal | * |
Linux-aws-5.8 | Ubuntu | upstream | * |
Linux-aws-6.2 | Ubuntu | jammy | * |
Linux-aws-6.2 | Ubuntu | upstream | * |
Linux-aws-6.5 | Ubuntu | jammy | * |
Linux-aws-6.5 | Ubuntu | upstream | * |
Linux-aws-6.8 | Ubuntu | jammy | * |
Linux-aws-6.8 | Ubuntu | upstream | * |
Linux-aws-fips | Ubuntu | fips-preview/jammy | * |
Linux-aws-fips | Ubuntu | fips-updates/jammy | * |
Linux-aws-fips | Ubuntu | trusty | * |
Linux-aws-fips | Ubuntu | upstream | * |
Linux-aws-fips | Ubuntu | xenial | * |
Linux-aws-hwe | Ubuntu | upstream | * |
Linux-azure | Ubuntu | bionic | * |
Linux-azure | Ubuntu | esm-infra/bionic | * |
Linux-azure | Ubuntu | jammy | * |
Linux-azure | Ubuntu | mantic | * |
Linux-azure | Ubuntu | noble | * |
Linux-azure | Ubuntu | upstream | * |
Linux-azure-4.15 | Ubuntu | upstream | * |
Linux-azure-5.11 | Ubuntu | focal | * |
Linux-azure-5.11 | Ubuntu | upstream | * |
Linux-azure-5.13 | Ubuntu | focal | * |
Linux-azure-5.13 | Ubuntu | upstream | * |
Linux-azure-5.15 | Ubuntu | focal | * |
Linux-azure-5.15 | Ubuntu | upstream | * |
Linux-azure-5.19 | Ubuntu | jammy | * |
Linux-azure-5.19 | Ubuntu | upstream | * |
Linux-azure-5.3 | Ubuntu | bionic | * |
Linux-azure-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-azure-5.3 | Ubuntu | upstream | * |
Linux-azure-5.4 | Ubuntu | upstream | * |
Linux-azure-5.8 | Ubuntu | focal | * |
Linux-azure-5.8 | Ubuntu | upstream | * |
Linux-azure-6.2 | Ubuntu | jammy | * |
Linux-azure-6.2 | Ubuntu | upstream | * |
Linux-azure-6.5 | Ubuntu | jammy | * |
Linux-azure-6.5 | Ubuntu | upstream | * |
Linux-azure-6.8 | Ubuntu | jammy | * |
Linux-azure-6.8 | Ubuntu | upstream | * |
Linux-azure-edge | Ubuntu | bionic | * |
Linux-azure-edge | Ubuntu | esm-infra/bionic | * |
Linux-azure-edge | Ubuntu | upstream | * |
Linux-azure-fde | Ubuntu | focal | * |
Linux-azure-fde | Ubuntu | jammy | * |
Linux-azure-fde | Ubuntu | upstream | * |
Linux-azure-fde-5.15 | Ubuntu | focal | * |
Linux-azure-fde-5.15 | Ubuntu | upstream | * |
Linux-azure-fde-5.19 | Ubuntu | jammy | * |
Linux-azure-fde-5.19 | Ubuntu | upstream | * |
Linux-azure-fde-6.2 | Ubuntu | jammy | * |
Linux-azure-fde-6.2 | Ubuntu | upstream | * |
Linux-azure-fips | Ubuntu | fips-preview/jammy | * |
Linux-azure-fips | Ubuntu | fips-updates/jammy | * |
Linux-azure-fips | Ubuntu | trusty | * |
Linux-azure-fips | Ubuntu | upstream | * |
Linux-azure-fips | Ubuntu | xenial | * |
Linux-bluefield | Ubuntu | bluefield/jammy | * |
Linux-bluefield | Ubuntu | upstream | * |
Linux-fips | Ubuntu | fips-preview/jammy | * |
Linux-fips | Ubuntu | fips-updates/jammy | * |
Linux-fips | Ubuntu | upstream | * |
Linux-gcp | Ubuntu | bionic | * |
Linux-gcp | Ubuntu | esm-infra/bionic | * |
Linux-gcp | Ubuntu | jammy | * |
Linux-gcp | Ubuntu | mantic | * |
Linux-gcp | Ubuntu | noble | * |
Linux-gcp | Ubuntu | upstream | * |
Linux-gcp-4.15 | Ubuntu | upstream | * |
Linux-gcp-5.11 | Ubuntu | focal | * |
Linux-gcp-5.11 | Ubuntu | upstream | * |
Linux-gcp-5.13 | Ubuntu | focal | * |
Linux-gcp-5.13 | Ubuntu | upstream | * |
Linux-gcp-5.15 | Ubuntu | focal | * |
Linux-gcp-5.15 | Ubuntu | upstream | * |
Linux-gcp-5.19 | Ubuntu | jammy | * |
Linux-gcp-5.19 | Ubuntu | upstream | * |
Linux-gcp-5.3 | Ubuntu | bionic | * |
Linux-gcp-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-gcp-5.3 | Ubuntu | upstream | * |
Linux-gcp-5.4 | Ubuntu | upstream | * |
Linux-gcp-5.8 | Ubuntu | focal | * |
Linux-gcp-5.8 | Ubuntu | upstream | * |
Linux-gcp-6.2 | Ubuntu | jammy | * |
Linux-gcp-6.2 | Ubuntu | upstream | * |
Linux-gcp-6.5 | Ubuntu | jammy | * |
Linux-gcp-6.5 | Ubuntu | upstream | * |
Linux-gcp-6.8 | Ubuntu | upstream | * |
Linux-gcp-fips | Ubuntu | fips-preview/jammy | * |
Linux-gcp-fips | Ubuntu | fips-updates/jammy | * |
Linux-gcp-fips | Ubuntu | trusty | * |
Linux-gcp-fips | Ubuntu | upstream | * |
Linux-gcp-fips | Ubuntu | xenial | * |
Linux-gke | Ubuntu | focal | * |
Linux-gke | Ubuntu | jammy | * |
Linux-gke | Ubuntu | noble | * |
Linux-gke | Ubuntu | upstream | * |
Linux-gke | Ubuntu | xenial | * |
Linux-gke-4.15 | Ubuntu | bionic | * |
Linux-gke-4.15 | Ubuntu | esm-infra/bionic | * |
Linux-gke-4.15 | Ubuntu | upstream | * |
Linux-gke-5.15 | Ubuntu | focal | * |
Linux-gke-5.15 | Ubuntu | upstream | * |
Linux-gke-5.4 | Ubuntu | bionic | * |
Linux-gke-5.4 | Ubuntu | esm-infra/bionic | * |
Linux-gke-5.4 | Ubuntu | upstream | * |
Linux-gkeop | Ubuntu | jammy | * |
Linux-gkeop | Ubuntu | upstream | * |
Linux-gkeop-5.15 | Ubuntu | focal | * |
Linux-gkeop-5.15 | Ubuntu | upstream | * |
Linux-gkeop-5.4 | Ubuntu | bionic | * |
Linux-gkeop-5.4 | Ubuntu | esm-infra/bionic | * |
Linux-gkeop-5.4 | Ubuntu | upstream | * |
Linux-hwe | Ubuntu | bionic | * |
Linux-hwe | Ubuntu | esm-infra/bionic | * |
Linux-hwe | Ubuntu | upstream | * |
Linux-hwe-5.11 | Ubuntu | focal | * |
Linux-hwe-5.11 | Ubuntu | upstream | * |
Linux-hwe-5.13 | Ubuntu | focal | * |
Linux-hwe-5.13 | Ubuntu | upstream | * |
Linux-hwe-5.15 | Ubuntu | focal | * |
Linux-hwe-5.15 | Ubuntu | upstream | * |
Linux-hwe-5.19 | Ubuntu | jammy | * |
Linux-hwe-5.19 | Ubuntu | upstream | * |
Linux-hwe-5.4 | Ubuntu | upstream | * |
Linux-hwe-5.8 | Ubuntu | focal | * |
Linux-hwe-5.8 | Ubuntu | upstream | * |
Linux-hwe-6.2 | Ubuntu | jammy | * |
Linux-hwe-6.2 | Ubuntu | upstream | * |
Linux-hwe-6.5 | Ubuntu | jammy | * |
Linux-hwe-6.5 | Ubuntu | upstream | * |
Linux-hwe-6.8 | Ubuntu | upstream | * |
Linux-hwe-edge | Ubuntu | esm-infra/bionic | * |
Linux-hwe-edge | Ubuntu | esm-infra/xenial | * |
Linux-hwe-edge | Ubuntu | upstream | * |
Linux-hwe-edge | Ubuntu | xenial | * |
Linux-ibm | Ubuntu | jammy | * |
Linux-ibm | Ubuntu | mantic | * |
Linux-ibm | Ubuntu | noble | * |
Linux-ibm | Ubuntu | upstream | * |
Linux-ibm-5.15 | Ubuntu | focal | * |
Linux-ibm-5.15 | Ubuntu | upstream | * |
Linux-ibm-5.4 | Ubuntu | upstream | * |
Linux-intel | Ubuntu | noble | * |
Linux-intel | Ubuntu | upstream | * |
Linux-intel-5.13 | Ubuntu | focal | * |
Linux-intel-5.13 | Ubuntu | upstream | * |
Linux-intel-iot-realtime | Ubuntu | realtime/jammy | * |
Linux-intel-iot-realtime | Ubuntu | upstream | * |
Linux-intel-iotg | Ubuntu | jammy | * |
Linux-intel-iotg | Ubuntu | upstream | * |
Linux-intel-iotg-5.15 | Ubuntu | focal | * |
Linux-intel-iotg-5.15 | Ubuntu | upstream | * |
Linux-iot | Ubuntu | upstream | * |
Linux-kvm | Ubuntu | jammy | * |
Linux-kvm | Ubuntu | upstream | * |
Linux-laptop | Ubuntu | mantic | * |
Linux-laptop | Ubuntu | upstream | * |
Linux-lowlatency | Ubuntu | jammy | * |
Linux-lowlatency | Ubuntu | mantic | * |
Linux-lowlatency | Ubuntu | noble | * |
Linux-lowlatency | Ubuntu | upstream | * |
Linux-lowlatency-hwe-5.15 | Ubuntu | focal | * |
Linux-lowlatency-hwe-5.15 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-5.19 | Ubuntu | jammy | * |
Linux-lowlatency-hwe-5.19 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-6.2 | Ubuntu | jammy | * |
Linux-lowlatency-hwe-6.2 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-6.5 | Ubuntu | jammy | * |
Linux-lowlatency-hwe-6.5 | Ubuntu | upstream | * |
Linux-lowlatency-hwe-6.8 | Ubuntu | upstream | * |
Linux-lts-xenial | Ubuntu | upstream | * |
Linux-nvidia | Ubuntu | jammy | * |
Linux-nvidia | Ubuntu | noble | * |
Linux-nvidia | Ubuntu | upstream | * |
Linux-nvidia-6.2 | Ubuntu | jammy | * |
Linux-nvidia-6.2 | Ubuntu | upstream | * |
Linux-nvidia-6.5 | Ubuntu | jammy | * |
Linux-nvidia-6.5 | Ubuntu | upstream | * |
Linux-nvidia-6.8 | Ubuntu | jammy | * |
Linux-nvidia-6.8 | Ubuntu | upstream | * |
Linux-nvidia-lowlatency | Ubuntu | upstream | * |
Linux-oem | Ubuntu | bionic | * |
Linux-oem | Ubuntu | esm-infra/bionic | * |
Linux-oem | Ubuntu | upstream | * |
Linux-oem | Ubuntu | xenial | * |
Linux-oem-5.10 | Ubuntu | focal | * |
Linux-oem-5.10 | Ubuntu | upstream | * |
Linux-oem-5.13 | Ubuntu | focal | * |
Linux-oem-5.13 | Ubuntu | upstream | * |
Linux-oem-5.14 | Ubuntu | focal | * |
Linux-oem-5.14 | Ubuntu | upstream | * |
Linux-oem-5.17 | Ubuntu | jammy | * |
Linux-oem-5.17 | Ubuntu | upstream | * |
Linux-oem-5.6 | Ubuntu | focal | * |
Linux-oem-5.6 | Ubuntu | upstream | * |
Linux-oem-6.0 | Ubuntu | jammy | * |
Linux-oem-6.0 | Ubuntu | upstream | * |
Linux-oem-6.1 | Ubuntu | jammy | * |
Linux-oem-6.1 | Ubuntu | upstream | * |
Linux-oem-6.11 | Ubuntu | upstream | * |
Linux-oem-6.5 | Ubuntu | jammy | * |
Linux-oem-6.5 | Ubuntu | upstream | * |
Linux-oem-6.8 | Ubuntu | noble | * |
Linux-oem-6.8 | Ubuntu | upstream | * |
Linux-oracle | Ubuntu | jammy | * |
Linux-oracle | Ubuntu | mantic | * |
Linux-oracle | Ubuntu | noble | * |
Linux-oracle | Ubuntu | upstream | * |
Linux-oracle-5.0 | Ubuntu | bionic | * |
Linux-oracle-5.0 | Ubuntu | esm-infra/bionic | * |
Linux-oracle-5.0 | Ubuntu | upstream | * |
Linux-oracle-5.11 | Ubuntu | focal | * |
Linux-oracle-5.11 | Ubuntu | upstream | * |
Linux-oracle-5.13 | Ubuntu | focal | * |
Linux-oracle-5.13 | Ubuntu | upstream | * |
Linux-oracle-5.15 | Ubuntu | focal | * |
Linux-oracle-5.15 | Ubuntu | upstream | * |
Linux-oracle-5.3 | Ubuntu | bionic | * |
Linux-oracle-5.3 | Ubuntu | esm-infra/bionic | * |
Linux-oracle-5.3 | Ubuntu | upstream | * |
Linux-oracle-5.4 | Ubuntu | upstream | * |
Linux-oracle-5.8 | Ubuntu | focal | * |
Linux-oracle-5.8 | Ubuntu | upstream | * |
Linux-oracle-6.5 | Ubuntu | jammy | * |
Linux-oracle-6.5 | Ubuntu | upstream | * |
Linux-oracle-6.8 | Ubuntu | jammy | * |
Linux-oracle-6.8 | Ubuntu | upstream | * |
Linux-raspi | Ubuntu | jammy | * |
Linux-raspi | Ubuntu | mantic | * |
Linux-raspi | Ubuntu | noble | * |
Linux-raspi | Ubuntu | upstream | * |
Linux-raspi-5.4 | Ubuntu | upstream | * |
Linux-raspi-realtime | Ubuntu | realtime/noble | * |
Linux-raspi-realtime | Ubuntu | upstream | * |
Linux-raspi2 | Ubuntu | bionic | * |
Linux-raspi2 | Ubuntu | focal | * |
Linux-raspi2 | Ubuntu | upstream | * |
Linux-raspi2 | Ubuntu | xenial | * |
Linux-realtime | Ubuntu | jammy | * |
Linux-realtime | Ubuntu | realtime/jammy | * |
Linux-realtime | Ubuntu | realtime/noble | * |
Linux-realtime | Ubuntu | upstream | * |
Linux-riscv | Ubuntu | focal | * |
Linux-riscv | Ubuntu | jammy | * |
Linux-riscv | Ubuntu | mantic | * |
Linux-riscv | Ubuntu | noble | * |
Linux-riscv | Ubuntu | upstream | * |
Linux-riscv-5.11 | Ubuntu | focal | * |
Linux-riscv-5.11 | Ubuntu | upstream | * |
Linux-riscv-5.15 | Ubuntu | focal | * |
Linux-riscv-5.15 | Ubuntu | upstream | * |
Linux-riscv-5.19 | Ubuntu | jammy | * |
Linux-riscv-5.19 | Ubuntu | upstream | * |
Linux-riscv-5.8 | Ubuntu | focal | * |
Linux-riscv-5.8 | Ubuntu | upstream | * |
Linux-riscv-6.5 | Ubuntu | jammy | * |
Linux-riscv-6.5 | Ubuntu | upstream | * |
Linux-riscv-6.8 | Ubuntu | upstream | * |
Linux-starfive | Ubuntu | mantic | * |
Linux-starfive | Ubuntu | upstream | * |
Linux-starfive-5.19 | Ubuntu | jammy | * |
Linux-starfive-5.19 | Ubuntu | upstream | * |
Linux-starfive-6.2 | Ubuntu | jammy | * |
Linux-starfive-6.2 | Ubuntu | upstream | * |
Linux-starfive-6.5 | Ubuntu | jammy | * |
Linux-starfive-6.5 | Ubuntu | upstream | * |
Linux-xilinx-zynqmp | Ubuntu | jammy | * |
Linux-xilinx-zynqmp | Ubuntu | upstream | * |