CVE-2023-2019: netdevsim: fib: Fix reference count leak on route deletion failure · torvalds/linux@180a6a3
A flaw was found in the Linux kernel’s netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.
netdevsim: fib: Fix reference count leak on route deletion failure
As part of FIB offload simulation, netdevsim stores IPv4 and IPv6 routes and holds a reference on FIB info structures that in turn hold a reference on the associated nexthop device(s).
In the unlikely case where we are unable to allocate memory to process a route deletion request, netdevsim will not release the reference from the associated FIB info structure, thereby preventing the associated nexthop device(s) from ever being removed [1].
Fix this by scheduling a work item that will flush netdevsim’s FIB table upon route deletion failure. This will cause netdevsim to release its reference from all the FIB info structures in its table.
Reported by Lucas Leong of Trend Micro Zero Day Initiative.
Fixes: 0ae3eb7 (“netdevsim: fib: Perform the route programming in a non-atomic context”)
Signed-off-by: Ido Schimmel [email protected]
Reviewed-by: Amit Cohen [email protected]
Reviewed-by: David Ahern [email protected]
Signed-off-by: David S. Miller [email protected]
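A user-space model of the reference chain the commit message describes (table holds a reference on a FIB info structure, which holds a reference on the nexthop device), added here as an example; it is not code from the commit or from netdevsim. All type and function names are hypothetical, and the core dropping its own reference after the deletion is a modelling assumption.

```c
/* User-space model, constructed for illustration; all names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
struct dev      { int refcnt; };                   /* nexthop device */
struct fib_info { int refcnt; struct dev *dev; };  /* holds one ref on dev */
struct sim_fib  { struct fib_info *route; bool flush_scheduled; };

static void fib_info_put(struct fib_info *fi)
{
    if (--fi->refcnt == 0)
        fi->dev->refcnt--;   /* last put releases the device reference */
}

/* Work item: drop the reference the simulated table still holds. */
static void sim_fib_flush(struct sim_fib *t)
{
    if (t->route)
        fib_info_put(t->route);
    t->route = NULL;
}

/* Route deletion request; alloc_ok == false models the allocation failure. */
static void sim_fib_del(struct sim_fib *t, bool alloc_ok, bool with_fix)
{
    if (!alloc_ok) {
        t->flush_scheduled = with_fix;  /* fixed: schedule a table flush */
        return;                         /* unfixed: reference stays held */
    }
    fib_info_put(t->route);
    t->route = NULL;
}

/* Device references left after a failed deletion (nonzero means leaked). */
int leaked_dev_refs(bool with_fix)
{
    struct dev d = { .refcnt = 1 };                   /* held by fi */
    struct fib_info fi = { .refcnt = 2, .dev = &d };  /* core + table */
    struct sim_fib t = { .route = &fi };
    sim_fib_del(&t, false, with_fix);
    fib_info_put(&fi);       /* assumption: core drops its own reference */
    if (t.flush_scheduled)
        sim_fib_flush(&t);   /* the scheduled work item runs */
    return d.refcnt;
}

int main(void)
{
    printf("unfixed=%d fixed=%d\n", leaked_dev_refs(false), leaked_dev_refs(true));
}
```

In the unfixed path the device count stays at 1 with no remaining code path that can drop it, which is the condition that prevents the nexthop device from being removed.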