ALAS2LIVEPATCH-2023-116 --- kernel-livepatch-5.10.162-141.675ID: oval:org.secpod.oval:def:1701253 | Date: (C)2023-04-17 (M)2024-04-25 |
Class: PATCH | Family: unix |
The upstream bug report describes this issue as follows:A flaw found in the Linux Kernel in RDS protocol. The rds_rm_zerocopy_callback uses list_entry on the head of a list causing a type confusion. Local user can trigger this with rds_message_put. Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an OOB access, and a lock corruption. In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure during the renaming of a device
Product: |
kernel-livepatch-5.10.162-141.675 |