Wind River Support Network

Acknowledged

LIN1022-16393 : Security Advisory - linux - CVE-2025-38184

Created: Jul 7, 2025    Updated: Jul 8, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer

The reproduction steps:
1. create a tun interface
2. enable l2 bearer
3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun

tipc: Started in network mode
tipc: Node identity 8af312d38a21, cluster identity 4711
tipc: Enabled bearer <eth:syz_tun>, priority 1
Oops: general protection fault
KASAN: null-ptr-deref in range
CPU: 1 UID: 1000 PID: 559 Comm: poc Not tainted 6.16.0-rc1+ #117 PREEMPT
Hardware name: QEMU Ubuntu 24.04 PC
RIP: 0010:tipc_udp_nl_dump_remoteip+0x4a4/0x8f0

the ub was in fact a struct dev.

when bid != 0 && skip_cnt != 0, bearer_list[bid] may be NULL or
other media when other thread changes it.

fix this by checking media_id.
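
Added example (not Wind River or kernel source): a user-space C model of the media_id check named in the description, contrasting an unchecked slot lookup with a checked one when the slot changes between two passes of a dump. All type names, function names and enum values are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* User-space model with hypothetical names; this is not kernel source. */
enum media_id { MEDIA_ETH = 1, MEDIA_UDP = 2 };      /* constructed values */
#define MAX_BEARERS 3
struct udp_bearer { int remote_ip_count; };          /* UDP media state */
struct net_dev { int ifindex; char name[16]; };      /* L2 media state */
struct bearer {
    enum media_id media_id;
    void *media_ptr;   /* udp_bearer for UDP, net_dev for an L2 bearer */
};
static struct bearer *bearer_list[MAX_BEARERS];

/* Before: only the slot index is trusted, so an empty slot is dereferenced
 * and an L2 bearer's net_dev is handed back typed as a udp_bearer. */
struct udp_bearer *lookup_unchecked(unsigned int bid)
{
    return bearer_list[bid]->media_ptr;
}

/* After: re-validate the slot on every call, including a resumed dump,
 * because another thread may have emptied or replaced it in between. */
int lookup_checked(unsigned int bid, struct udp_bearer **out)
{
    struct bearer *b;

    if (bid >= MAX_BEARERS)
        return -EINVAL;
    b = bearer_list[bid];
    if (!b || b->media_id != MEDIA_UDP)
        return -EINVAL;
    *out = b->media_ptr;
    return 0;
}

int main(void)
{
    struct udp_bearer ub = { 2 }, *out = NULL;
    struct net_dev tun = { 7, "syz_tun" };            /* constructed sample */
    struct bearer udp = { MEDIA_UDP, &ub }, eth = { MEDIA_ETH, &tun };

    bearer_list[1] = &udp;              /* first pass: slot 1 is a UDP bearer */
    if (lookup_checked(1, &out) != 0 || out != &ub)
        return 1;
    bearer_list[1] = &eth;              /* slot replaced before the resume */
    return lookup_checked(1, &out) == -EINVAL ? 0 : 1;
}
```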

CREATE(Triage):(User=admin) CVE-2025-38184 (https://nvd.nist.gov/vuln/detail/CVE-2025-38184)