2211440 – (CVE-2023-3022) CVE-2023-3022 kernel: IPv6: panic in fib6_rule_suppress when fib6_rule_lookup fails

Bug 2211440 (CVE-2023-3022) - CVE-2023-3022 kernel: IPv6: panic in fib6_rule_suppress when fib6_rule_lookup fails

Summary: CVE-2023-3022 kernel: IPv6: panic in fib6_rule_suppress when fib6_rule_lookup...

Keywords:
Status:	NEW
Alias:	CVE-2023-3022
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2006441 2167604 2175952 2211457 2211461 2211462 2211463
Blocks:	2176407
TreeView+	depends on / blocked

Reported:	2023-05-31 16:21 UTC by Alex
Modified:	2023-07-07 08:35 UTC (History)
CC List:	44 users (show)
Fixed In Version:	kernel 5.2-rc1
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Alex 2023-05-31 16:21:34 UTC

A flaw in the Linux Kernel found. If IPV6 being used in the way that some specific networking local rule enabled and both IPV6 being used, then it can lead to Kernel crash with the message "fib6_rule_suppress+0x22". It happens when receiving some networking packet to the local IPV6 address that matches this specific rule.

References:
https://github.com/torvalds/linux/commit/a65120bae4b7
https://bugzilla.redhat.com/show_bug.cgi?id=2175952
https://bugzilla.redhat.com/show_bug.cgi?id=2167604
https://bugzilla.redhat.com/show_bug.cgi?id=2140599#c13

Comment 1 Alex 2023-05-31 17:03:58 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2211457]

Comment 10 Justin M. Forbes 2023-06-05 12:28:50 UTC

This was fixed for Fedora in the 5.2 stable kernel rebases.

Comment 12 Mauro Matteo Cascella 2023-06-19 09:13:13 UTC

This issue was fixed upstream in version 5.2-rc1. The kernel packages as shipped in the following Red Hat products were previously updated to a version that contains the fix via the following errata:

kernel in Red Hat Enterprise Linux 8.6 Extended Update Support
https://access.redhat.com/errata/RHSA-2023:1130

kernel-rt in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2022:1975

Note You need to log in before you can comment on or make changes to this bug.

acaringi
allarkin
bhu
chwhite
dbohanno
ddepaula
debarbos
dfreiber
dvlasenk
ezulian
hkrzesin
jarod
jburrell
jdenham
jfaracco
jferlan
jforbes
jlelli
joe.lawrence
jshortt
jstancek
jwyatt
kcarcia
kernel-mgr
ldoskova
lgoncalv
lleshchi
lzampier
nmurray
ptalbert
qzhao
rogbas
rrobaina
rvrbovsk
rysulliv
scweaver
swood
tyberry
vkumar
walters
wcosta
williams
wmealing
ycote