In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). fib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything when it fails. Commit 7dd73168e273 ("ipv6: Always allocate pcpu memory in a fib6_nh") moved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init() but forgot to add cleanup for fib6_nh->nh_common.nhc_pcpu_rth_output in case it fails to allocate fib6_nh->rt6i_pcpu, resulting in memleak. Let's call fib_nh_common_release() and clear nhc_pcpu_rth_output in the error path. Note that we can remove the fib6_nh_release() call in nh_create_ipv6() later in net-next.git.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: Se corrigió la fuga de memoria de nhc_pcpu_rth_output en fib_check_nh_v6_gw(). fib_check_nh_v6_gw() espera que fib6_nh_init() limpie todo cuando falla. El commit 7dd73168e273 ("ipv6: Asignar siempre memoria pcpu en un fib6_nh") movió fib_nh_common_init() antes de alloc_percpu_gfp() dentro de fib6_nh_init(), pero olvidó añadir la limpieza para fib6_nh->nh_common.nhc_pcpu_rth_output en caso de que no se asigne fib6_nh->rt6i_pcpu, lo que resulta en una fuga de memoria. Invoquemos fib_nh_common_release() y borremos nhc_pcpu_rth_output en la ruta de error. Tenga en cuenta que podemos eliminar la llamada a fib6_nh_release() en nh_create_ipv6() más adelante en net-next.git.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-401
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary |
en
CWE-401
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b8344e040> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdcc59a80> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdcc5b600> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bdd8919c0> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b8344d780> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc1dc100> | Operating System |
| linux | linux_kernel | 6.14 | <built-in method update of dict object at 0x702bdc51a3c0> | Operating System |
| linux | linux_kernel | 6.14 | <built-in method update of dict object at 0x702bfc337900> | Operating System |
| linux | linux_kernel | 6.14 | <built-in method update of dict object at 0x702bfc335e00> | Operating System |
| linux | linux_kernel | 6.14 | <built-in method update of dict object at 0x702b8344d300> | Operating System |
| linux | linux_kernel | 6.14 | <built-in method update of dict object at 0x702bfc1de200> | Operating System |
| linux | linux_kernel | 6.14 | <built-in method update of dict object at 0x702bfc337100> | Operating System |
| linux | linux_kernel | 6.14 | <built-in method update of dict object at 0x702b8344e240> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.14:rc5:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.14:rc6:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.14:rc7:*:*:*:*:*:* |