| Summary: | kernel: regression in CVE-2011-1768 fix [rhel-6.2] | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Eugene Teo (Security Response) <eteo> | |
| Component: | kernel | Assignee: | Jiri Benc <jbenc> | |
| Status: | CLOSED NOTABUG | QA Contact: | Red Hat Kernel QE team <kernel-qe> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 6.2 | CC: | anton, arozansk, cebbert, davej, eteo, fhrbata, kmcmartin, lwang, sforsber | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 733986 (view as bug list) | Environment: | ||
| Last Closed: | 2011-09-07 16:42:26 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Bug Depends On: | ||||
| Bug Blocks: | 733986 | |||
Description of problem: The upstream commit d5aa407f59f5b83d2c50ec88f5bf56d40f1f8978 ("tunnels: fix netns vs proto registration ordering") was not backported correctly, and results in a NULL pointer dereference in ip6_tunnel.c. https://bugs.gentoo.org/show_bug.cgi?id=380609 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738 diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index 7fb3e02..53e0d51 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -1466,7 +1466,7 @@ static int __init ip6_tunnel_init(void) { int err; - err = register_pernet_device(&ip6_tnl_net_ops); + err = register_pernet_gen_device(&ip6_tnl_net_id, &ip6_tnl_net_ops); if (err < 0) goto out_pernet; The upstream commit d5aa407 that has this regression was previously backported in 6.1.z via RHSA-2011:0928.