A reachable assertion issue was found in the Linux kernel's IPv6 RPL protocol. Quoting ZDI security advisory [1]:

"This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the RPL protocol. The issue results from the lack of proper handling of user-supplied data, which can result in an assertion failure. An attacker can leverage this vulnerability to create a denial-of-service condition on the system."

[1] https://www.zerodayinitiative.com/advisories/ZDI-23-547/
Tentative patch:
https://lore.kernel.org/netdev/20230417130052.2316819-1-aahringo@redhat.com/
https://github.com/torvalds/linux/commit/4e006c7a6dac0ead4c1bf606000aa90a372fc253

As mentioned in the ZDI advisory "the patch may not work, and it was confirmed by the ZDI that the vulnerability is reproducible on the latest mainline".
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2196480]
This was fixed for Fedora with the 6.2.13 stable kernel updates.