blob: 1867d5d2c727b2418d3f388e856beeb1505807a1 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
Description: memory leak in fib6_rule_suppress could result in DoS
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2014623
https://bugzilla.redhat.com/show_bug.cgi?id=2008123
https://bugzilla.suse.com/show_bug.cgi?id=1192261
Notes:
carnil> At time of writing only limited information provided by Red
carnil> Hat: "The kernel leaks memory when firewalld IPv6_rpfilter is
carnil> enabled and a suppress_prefix rule is present in the IPv6
carnil> routing rules (used by certain tools such as wg-quick). In such
carnil> scenarios, every incoming packet will leak an allocation in
carnil> ip6_dst_cache slab cache." The SUSE bugzilla entry indicates
carnil> this as to be related to ca7a03c41753 ("ipv6: do not free rt if
carnil> FIB_LOOKUP_NOREF is set on suppress rule") which makes it
carnil> potentially a duplicate of CVE-2019-18198.
Bugs:
upstream:
5.10-upstream-stable:
4.19-upstream-stable:
4.9-upstream-stable:
sid:
5.10-bullseye-security:
4.19-buster-security:
4.9-stretch-security:
|
