A flaw in the Linux Kernel found.
If looking at a suspect synchronize_net() added in the blamed commit
f185de28d9ae ("mld: add new workqueues for process mld events"),
I found that igmp6_event_query() and igmp6_event_report()
simply forget to free skbs when their respective queues are full.
The fix is for the
This means that attackers can remotely OOM hosts, which is not nice.
TODO add link to patch when public
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2063534]
This was fixed for Fedora with the 5.16.13 stable kernel updates.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):