Acknowledged
Created: Sep 21, 2025
Updated: Sep 23, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]ax25: properly unshare skbs in ax25_kiss_rcv()[EOL][EOL]Bernard Pidoux reported a regression apparently caused by commit[EOL]c353e8983e0d ("net: introduce per netns packet chains").[EOL][EOL]skb->dev becomes NULL and we crash in __netif_receive_skb_core().[EOL][EOL]Before above commit, different kind of bugs or corruptions could happen[EOL]without a major crash.[EOL][EOL]But the root cause is that ax25_kiss_rcv() can queue/mangle input skb[EOL]without checking if this skb is shared or not.[EOL][EOL]Many thanks to Bernard Pidoux for his help, diagnosis and tests.[EOL][EOL]We had a similar issue years ago fixed with commit 7aaed57c5c28[EOL]("phonet: properly unshare skbs in phonet_rcv()").
