摘要:
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
While looking at one unrelated syzbot bug, I found the replay logic
in __rtnl_newlink() to potentially trigger use-after-free.
It is better to clear master_dev and m_ops inside the loop,
in case we have to replay it.
安全等级: Low
公告ID: KylinSec-SA-2024-2998
发布日期: 2024年6月29日
关联CVE: CVE-2022-48742
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
While looking at one unrelated syzbot bug, I found the replay logic
in __rtnl_newlink() to potentially trigger use-after-free.
It is better to clear master_dev and m_ops inside the loop,
in case we have to replay it.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2022-48742 | KY3.4-5A | kernel | Unaffected |
| CVE-2022-48742 | KY3.5.2 | kernel | Unaffected |
| CVE-2022-48742 | V6 | kernel | Unaffected |
