Bug 2182443 (CVE-2023-26545) - CVE-2023-26545 kernel: mpls: double free on sysctl allocation failure
Summary: CVE-2023-26545 kernel: mpls: double free on sysctl allocation failure
Keywords:
Status: NEW
Alias: CVE-2023-26545
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2184953 2184955 2184956 2184957
Blocks: 2173493
Reported: 2023-03-28 16:23 UTC by Pedro Sampaio
Modified: 2024-02-13 01:12 UTC (History)

Fixed In Version: kernel 6.2
Doc Type: If docs needed, set a value
Doc Text:
A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code.
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:6835 0 None None None 2023-11-09 07:10:52 UTC
Red Hat Product Errata RHBA-2023:7268 0 None None None 2023-11-15 18:25:23 UTC
Red Hat Product Errata RHBA-2023:7328 0 None None None 2023-11-16 11:38:54 UTC
Red Hat Product Errata RHBA-2023:7338 0 None None None 2023-11-16 18:04:15 UTC
Red Hat Product Errata RHBA-2023:7343 0 None None None 2023-11-20 01:58:43 UTC
Red Hat Product Errata RHBA-2023:7346 0 None None None 2023-11-20 09:25:44 UTC
Red Hat Product Errata RHSA-2023:6583 0 None None None 2023-11-07 08:20:19 UTC
Red Hat Product Errata RHSA-2023:6901 0 None None None 2023-11-14 15:15:13 UTC
Red Hat Product Errata RHSA-2023:7077 0 None None None 2023-11-14 15:20:46 UTC
Red Hat Product Errata RHSA-2024:0412 0 None None None 2024-01-24 16:43:27 UTC
Red Hat Product Errata RHSA-2024:0575 0 None None None 2024-01-30 13:21:23 UTC

Description Pedro Sampaio 2023-03-28 16:23:09 UTC
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

References:

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fda6c89fe3d9aca073495a664e1d5aea28cd4377
https://github.com/torvalds/linux/commit/fda6c89fe3d9aca073495a664e1d5aea28cd4377

Comment 3 errata-xmlrpc 2023-11-07 08:20:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6583

Comment 4 errata-xmlrpc 2023-11-14 15:15:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901

Comment 5 errata-xmlrpc 2023-11-14 15:20:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7077

Comment 8 errata-xmlrpc 2024-01-24 16:43:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0412 https://access.redhat.com/errata/RHSA-2024:0412

Comment 9 errata-xmlrpc 2024-01-30 13:21:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0575 https://access.redhat.com/errata/RHSA-2024:0575

