5.5

CVE-2023-53189

ipv6/addrconf: fix a potential refcount underflow for idev

In the Linux kernel, the following vulnerability has been resolved:

ipv6/addrconf: fix a potential refcount underflow for idev

Now in addrconf_mod_rs_timer(), reference idev depends on whether
rs_timer is not pending. Then modify rs_timer timeout.

There is a time gap in [1], during which if the pending rs_timer
becomes not pending. It will miss to hold idev, but the rs_timer
is activated. Thus rs_timer callback function addrconf_rs_timer()
will be executed and put idev later without holding idev. A refcount
underflow issue for idev can be caused by this.

	if (!timer_pending(&idev->rs_timer))
		in6_dev_hold(idev);
		  <--------------[1]
	mod_timer(&idev->rs_timer, jiffies + when);

To fix the issue, hold idev if mod_timer() return 0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.10.105 < 4.14.322
LinuxLinux Kernel Version >= 4.15 < 4.19.291
LinuxLinux Kernel Version >= 4.20 < 5.4.251
LinuxLinux Kernel Version >= 5.5 < 5.10.188
LinuxLinux Kernel Version >= 5.11 < 5.15.121
LinuxLinux Kernel Version >= 5.16 < 6.1.40
LinuxLinux Kernel Version >= 6.2 < 6.4.5
LinuxLinux Kernel Version6.5 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.042
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

https://git.kernel.org/stable/c/c6395e32935d35e6f935e7caf1c2dac5a95943b4
Patch
https://git.kernel.org/stable/c/df62fdcd004afa72ecbed0e862ebb983acd3aa57
Patch
https://git.kernel.org/stable/c/c7eeba47058532f6077d6a658e38b6698f6ae71a
Patch
https://git.kernel.org/stable/c/2ad31ce40e8182860b631e37209e93e543790b7c
Patch
https://git.kernel.org/stable/c/82abd1c37d3bf2a2658b34772c17a25a6f9cca42
Patch
https://git.kernel.org/stable/c/436b7cc7eae7851c184b671ed7a4a64c750b86f7
Patch
https://git.kernel.org/stable/c/1f656e483eb4733d62f18dfb206a49b78f60f495
Patch
https://git.kernel.org/stable/c/06a0716949c22e2aefb648526580671197151acc
Patch