cve/published/2024/CVE-2024-38612.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-38612: ipv6: sr: fix invalid unregister error path

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 ipv6: sr: fix invalid unregister error path

 The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL
 is not defined. In that case if seg6_hmac_init() fails, the
 genl_unregister_family() isn't called.

 This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control
 lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible
 use-after-free and null-ptr-deref") replaced unregister_pernet_subsys()
 with genl_unregister_family() in this error path.

 The Linux kernel CVE team has assigned CVE-2024-38612 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 4.19.316 with commit 10610575a3ac2a702bf5c57aa931beaf847949c7
 	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 5.4.278 with commit 646cd236c55e2cb5f146fc41bbe4034c4af5b2a4
 	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 5.10.219 with commit 00e6335329f23ac6cf3105931691674e28bc598c
 	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 5.15.161 with commit 1a63730fb315bb1bab97edd69ff58ad45e04bb01
 	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 6.1.93 with commit e77a3ec7ada84543e75722a1283785a6544de925
 	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 6.6.33 with commit 3398a40dccb88d3a7eef378247a023a78472db66
 	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 6.8.12 with commit 85a70ff1e572160f1eeb096ed48d09a1c9d4d89a
 	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 6.9.3 with commit c04d6a914e890ccea4a9d11233009a2ee7978bf4
 	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 6.10 with commit 160e9d2752181fcf18c662e74022d77d3164cd45

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-38612
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	net/ipv6/seg6.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/10610575a3ac2a702bf5c57aa931beaf847949c7
 	https://git.kernel.org/stable/c/646cd236c55e2cb5f146fc41bbe4034c4af5b2a4
 	https://git.kernel.org/stable/c/00e6335329f23ac6cf3105931691674e28bc598c
 	https://git.kernel.org/stable/c/1a63730fb315bb1bab97edd69ff58ad45e04bb01
 	https://git.kernel.org/stable/c/e77a3ec7ada84543e75722a1283785a6544de925
 	https://git.kernel.org/stable/c/3398a40dccb88d3a7eef378247a023a78472db66
 	https://git.kernel.org/stable/c/85a70ff1e572160f1eeb096ed48d09a1c9d4d89a
 	https://git.kernel.org/stable/c/c04d6a914e890ccea4a9d11233009a2ee7978bf4
 	https://git.kernel.org/stable/c/160e9d2752181fcf18c662e74022d77d3164cd45
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-38612: ipv6: sr: fix invalid unregister error path

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	ipv6: sr: fix invalid unregister error path

	The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL
	is not defined. In that case if seg6_hmac_init() fails, the
	genl_unregister_family() isn't called.

	This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control
	lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible
	use-after-free and null-ptr-deref") replaced unregister_pernet_subsys()
	with genl_unregister_family() in this error path.

	The Linux kernel CVE team has assigned CVE-2024-38612 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 4.19.316 with commit 10610575a3ac2a702bf5c57aa931beaf847949c7
	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 5.4.278 with commit 646cd236c55e2cb5f146fc41bbe4034c4af5b2a4
	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 5.10.219 with commit 00e6335329f23ac6cf3105931691674e28bc598c
	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 5.15.161 with commit 1a63730fb315bb1bab97edd69ff58ad45e04bb01
	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 6.1.93 with commit e77a3ec7ada84543e75722a1283785a6544de925
	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 6.6.33 with commit 3398a40dccb88d3a7eef378247a023a78472db66
	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 6.8.12 with commit 85a70ff1e572160f1eeb096ed48d09a1c9d4d89a
	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 6.9.3 with commit c04d6a914e890ccea4a9d11233009a2ee7978bf4
	Issue introduced in 4.10 with commit 46738b1317e169b281ad74690276916e24d1be6d and fixed in 6.10 with commit 160e9d2752181fcf18c662e74022d77d3164cd45

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-38612
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	net/ipv6/seg6.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/10610575a3ac2a702bf5c57aa931beaf847949c7
	https://git.kernel.org/stable/c/646cd236c55e2cb5f146fc41bbe4034c4af5b2a4
	https://git.kernel.org/stable/c/00e6335329f23ac6cf3105931691674e28bc598c
	https://git.kernel.org/stable/c/1a63730fb315bb1bab97edd69ff58ad45e04bb01
	https://git.kernel.org/stable/c/e77a3ec7ada84543e75722a1283785a6544de925
	https://git.kernel.org/stable/c/3398a40dccb88d3a7eef378247a023a78472db66
	https://git.kernel.org/stable/c/85a70ff1e572160f1eeb096ed48d09a1c9d4d89a
	https://git.kernel.org/stable/c/c04d6a914e890ccea4a9d11233009a2ee7978bf4
	https://git.kernel.org/stable/c/160e9d2752181fcf18c662e74022d77d3164cd45