Bug 2182443 (CVE-2023-26545) - CVE-2023-26545 kernel: mpls: double free on sysctl allocation failure
Summary: CVE-2023-26545 kernel: mpls: double free on sysctl allocation failure
Keywords:
Status: NEW
Alias: CVE-2023-26545
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2184953 2184955 2184956 2184957
Blocks: 2173493 (Embargoed)
Reported: 2023-03-28 16:23 UTC by Pedro Sampaio
Modified: 2023-05-02 03:44 UTC (History)

Fixed In Version: kernel 6.2
Doc Type: If docs needed, set a value
Doc Text:
A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code.
Clone Of:
Environment:
Last Closed:



Description Pedro Sampaio 2023-03-28 16:23:09 UTC
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

References:

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fda6c89fe3d9aca073495a664e1d5aea28cd4377
https://github.com/torvalds/linux/commit/fda6c89fe3d9aca073495a664e1d5aea28cd4377

