Fixed
Created: Mar 2, 2024
Updated: Apr 16, 2024
Resolved Date: Apr 16, 2024
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:
ipv4: fix null-deref in ipv4_link_failure
Currently, we assume the skb is associated with a device before calling
__ip_options_compile, which is not always the case if it is re-routed by
ipvs.
When skb->dev is NULL, dev_net(skb->dev) will become null-dereference.
This patch adds a check for the edge case and switch to use the net_device
from the rtable when skb->dev is NULL.
CREATE(Triage):(User=admin) CVE-2023-52579 (https://nvd.nist.gov/vuln/detail/CVE-2023-52579)
