CVE-2026-23273 (GCVE-0-2026-23273)

Vulnerability from cvelistv5 – Published: 2026-03-20 08:08 – Updated: 2026-05-23 16:04
VLAI
Title
macvlan: observe an RCU grace period in macvlan_common_newlink() error path
Summary
In the Linux kernel, the following vulnerability has been resolved: macvlan: observe an RCU grace period in macvlan_common_newlink() error path valis reported that a race condition still happens after my prior patch. macvlan_common_newlink() might have made @dev visible before detecting an error, and its caller will directly call free_netdev(dev). We must respect an RCU period, either in macvlan or the core networking stack. After adding a temporary mdelay(1000) in macvlan_forward_source_one() to open the race window, valis repro was: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip link set up dev p2 ip link add mv0 link p2 type macvlan mode source (ip link add invalid% link p2 type macvlan mode source macaddr add 00:00:00:00:00:20 &) ; sleep 0.5 ; ping -c1 -I p1 1.2.3.4 PING 1.2.3.4 (1.2.3.4): 56 data bytes RTNETLINK answers: Invalid argument BUG: KASAN: slab-use-after-free in macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444) Read of size 8 at addr ffff888016bb89c0 by task e/175 CPU: 1 UID: 1000 PID: 175 Comm: e Not tainted 6.19.0-rc8+ #33 NONE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 Call Trace: <IRQ> dump_stack_lvl (lib/dump_stack.c:123) print_report (mm/kasan/report.c:379 mm/kasan/report.c:482) ? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444) kasan_report (mm/kasan/report.c:597) ? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444) macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444) ? tasklet_init (kernel/softirq.c:983) macvlan_handle_frame (drivers/net/macvlan.c:501) Allocated by task 169: kasan_save_stack (mm/kasan/common.c:58) kasan_save_track (./arch/x86/include/asm/current.h:25 mm/kasan/common.c:70 mm/kasan/common.c:79) __kasan_kmalloc (mm/kasan/common.c:419) __kvmalloc_node_noprof (./include/linux/kasan.h:263 mm/slub.c:5657 mm/slub.c:7140) alloc_netdev_mqs (net/core/dev.c:12012) rtnl_create_link (net/core/rtnetlink.c:3648) rtnl_newlink (net/core/rtnetlink.c:3830 net/core/rtnetlink.c:3957 net/core/rtnetlink.c:4072) rtnetlink_rcv_msg (net/core/rtnetlink.c:6958) netlink_rcv_skb (net/netlink/af_netlink.c:2550) netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344) netlink_sendmsg (net/netlink/af_netlink.c:1894) __sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206) __x64_sys_sendto (net/socket.c:2209) do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131) Freed by task 169: kasan_save_stack (mm/kasan/common.c:58) kasan_save_track (./arch/x86/include/asm/current.h:25 mm/kasan/common.c:70 mm/kasan/common.c:79) kasan_save_free_info (mm/kasan/generic.c:587) __kasan_slab_free (mm/kasan/common.c:287) kfree (mm/slub.c:6674 mm/slub.c:6882) rtnl_newlink (net/core/rtnetlink.c:3845 net/core/rtnetlink.c:3957 net/core/rtnetlink.c:4072) rtnetlink_rcv_msg (net/core/rtnetlink.c:6958) netlink_rcv_skb (net/netlink/af_netlink.c:2550) netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344) netlink_sendmsg (net/netlink/af_netlink.c:1894) __sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206) __x64_sys_sendto (net/socket.c:2209) do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)
Severity
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: da5c6b8ae47e414be47e5e04def15b25d5c962dc , < 91e4ff8d966978901630fc29582c1a76d3c6e46c (git)
Affected: 5dae6b36a7cb7a4fcf4121b95e9ca7f96f816c8a , < 3d94323c80d7fc4da5f10f9bb06a45d39d5d3cc4 (git)
Affected: c43d0e787cbba569ec9d11579ed370b50fab6c9c , < 721eb342d9ba19bad5c4815ea3921465158b7362 (git)
Affected: 11ba9f0dc865136174cb98834280fb21bbc950c7 , < 19c7d8ac51988d053709c1e85bd8482076af845d (git)
Affected: 986967a162142710076782d5b93daab93a892980 , < a1f686d273d129b45712d95f4095843b864466bd (git)
Affected: cdedcd5aa3f3cb8b7ae0f87ab3a936d0bd583d66 , < d34f7a8aa9a25b7e64e0e46e444697c0f702374d (git)
Affected: f8db6475a83649689c087a8f52486fcc53e627e9 , < 1e58ae87ad1e6e24368dea9aec9048c758cd0e2b (git)
Affected: f8db6475a83649689c087a8f52486fcc53e627e9 , < e3f000f0dee1bfab52e2e61ca6a3835d9e187e35 (git)
Affected: 5.10.250 , < 5.10.252 (semver)
Affected: 5.15.200 , < 5.15.202 (semver)
Affected: 6.1.163 , < 6.1.165 (semver)
Affected: 6.6.124 , < 6.6.128 (semver)
Affected: 6.12.70 , < 6.12.75 (semver)
Affected: 6.18.10 , < 6.18.14 (semver)
Create a notification for this product.
Linux Linux Affected: 6.19
Unaffected: 0 , < 6.19 (semver)
Unaffected: 5.10.252 , ≤ 5.10.* (semver)
Unaffected: 5.15.202 , ≤ 5.15.* (semver)
Unaffected: 6.1.165 , ≤ 6.1.* (semver)
Unaffected: 6.6.128 , ≤ 6.6.* (semver)
Unaffected: 6.12.75 , ≤ 6.12.* (semver)
Unaffected: 6.18.14 , ≤ 6.18.* (semver)
Unaffected: 6.19.4 , ≤ 6.19.* (semver)
Unaffected: 7.0 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/macvlan.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "91e4ff8d966978901630fc29582c1a76d3c6e46c",
              "status": "affected",
              "version": "da5c6b8ae47e414be47e5e04def15b25d5c962dc",
              "versionType": "git"
            },
            {
              "lessThan": "3d94323c80d7fc4da5f10f9bb06a45d39d5d3cc4",
              "status": "affected",
              "version": "5dae6b36a7cb7a4fcf4121b95e9ca7f96f816c8a",
              "versionType": "git"
            },
            {
              "lessThan": "721eb342d9ba19bad5c4815ea3921465158b7362",
              "status": "affected",
              "version": "c43d0e787cbba569ec9d11579ed370b50fab6c9c",
              "versionType": "git"
            },
            {
              "lessThan": "19c7d8ac51988d053709c1e85bd8482076af845d",
              "status": "affected",
              "version": "11ba9f0dc865136174cb98834280fb21bbc950c7",
              "versionType": "git"
            },
            {
              "lessThan": "a1f686d273d129b45712d95f4095843b864466bd",
              "status": "affected",
              "version": "986967a162142710076782d5b93daab93a892980",
              "versionType": "git"
            },
            {
              "lessThan": "d34f7a8aa9a25b7e64e0e46e444697c0f702374d",
              "status": "affected",
              "version": "cdedcd5aa3f3cb8b7ae0f87ab3a936d0bd583d66",
              "versionType": "git"
            },
            {
              "lessThan": "1e58ae87ad1e6e24368dea9aec9048c758cd0e2b",
              "status": "affected",
              "version": "f8db6475a83649689c087a8f52486fcc53e627e9",
              "versionType": "git"
            },
            {
              "lessThan": "e3f000f0dee1bfab52e2e61ca6a3835d9e187e35",
              "status": "affected",
              "version": "f8db6475a83649689c087a8f52486fcc53e627e9",
              "versionType": "git"
            },
            {
              "lessThan": "5.10.252",
              "status": "affected",
              "version": "5.10.250",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.202",
              "status": "affected",
              "version": "5.15.200",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.165",
              "status": "affected",
              "version": "6.1.163",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6.128",
              "status": "affected",
              "version": "6.6.124",
              "versionType": "semver"
            },
            {
              "lessThan": "6.12.75",
              "status": "affected",
              "version": "6.12.70",
              "versionType": "semver"
            },
            {
              "lessThan": "6.18.14",
              "status": "affected",
              "version": "6.18.10",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/macvlan.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.19"
            },
            {
              "lessThan": "6.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.252",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.165",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.128",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.75",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.252",
                  "versionStartIncluding": "5.10.250",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.202",
                  "versionStartIncluding": "5.15.200",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.165",
                  "versionStartIncluding": "6.1.163",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.128",
                  "versionStartIncluding": "6.6.124",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.75",
                  "versionStartIncluding": "6.12.70",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.14",
                  "versionStartIncluding": "6.18.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.4",
                  "versionStartIncluding": "6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "6.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: observe an RCU grace period in macvlan_common_newlink() error path\n\nvalis reported that a race condition still happens after my prior patch.\n\nmacvlan_common_newlink() might have made @dev visible before\ndetecting an error, and its caller will directly call free_netdev(dev).\n\nWe must respect an RCU period, either in macvlan or the core networking\nstack.\n\nAfter adding a temporary mdelay(1000) in macvlan_forward_source_one()\nto open the race window, valis repro was:\n\nip link add p1 type veth peer p2\nip link set address 00:00:00:00:00:20 dev p1\nip link set up dev p1\nip link set up dev p2\nip link add mv0 link p2 type macvlan mode source\n\n(ip link add invalid% link p2 type macvlan mode source macaddr add\n00:00:00:00:00:20 \u0026) ; sleep 0.5 ; ping -c1 -I p1 1.2.3.4\nPING 1.2.3.4 (1.2.3.4): 56 data bytes\nRTNETLINK answers: Invalid argument\n\nBUG: KASAN: slab-use-after-free in macvlan_forward_source\n(drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\nRead of size 8 at addr ffff888016bb89c0 by task e/175\n\nCPU: 1 UID: 1000 PID: 175 Comm: e Not tainted 6.19.0-rc8+ #33 NONE\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n\u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:123)\nprint_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\n? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\nkasan_report (mm/kasan/report.c:597)\n? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\nmacvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\n? tasklet_init (kernel/softirq.c:983)\nmacvlan_handle_frame (drivers/net/macvlan.c:501)\n\nAllocated by task 169:\nkasan_save_stack (mm/kasan/common.c:58)\nkasan_save_track (./arch/x86/include/asm/current.h:25\nmm/kasan/common.c:70 mm/kasan/common.c:79)\n__kasan_kmalloc (mm/kasan/common.c:419)\n__kvmalloc_node_noprof (./include/linux/kasan.h:263 mm/slub.c:5657\nmm/slub.c:7140)\nalloc_netdev_mqs (net/core/dev.c:12012)\nrtnl_create_link (net/core/rtnetlink.c:3648)\nrtnl_newlink (net/core/rtnetlink.c:3830 net/core/rtnetlink.c:3957\nnet/core/rtnetlink.c:4072)\nrtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\nnetlink_rcv_skb (net/netlink/af_netlink.c:2550)\nnetlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\nnetlink_sendmsg (net/netlink/af_netlink.c:1894)\n__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)\n__x64_sys_sendto (net/socket.c:2209)\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)\n\nFreed by task 169:\nkasan_save_stack (mm/kasan/common.c:58)\nkasan_save_track (./arch/x86/include/asm/current.h:25\nmm/kasan/common.c:70 mm/kasan/common.c:79)\nkasan_save_free_info (mm/kasan/generic.c:587)\n__kasan_slab_free (mm/kasan/common.c:287)\nkfree (mm/slub.c:6674 mm/slub.c:6882)\nrtnl_newlink (net/core/rtnetlink.c:3845 net/core/rtnetlink.c:3957\nnet/core/rtnetlink.c:4072)\nrtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\nnetlink_rcv_skb (net/netlink/af_netlink.c:2550)\nnetlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\nnetlink_sendmsg (net/netlink/af_netlink.c:1894)\n__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)\n__x64_sys_sendto (net/socket.c:2209)\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T16:04:27.068Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/91e4ff8d966978901630fc29582c1a76d3c6e46c"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d94323c80d7fc4da5f10f9bb06a45d39d5d3cc4"
        },
        {
          "url": "https://git.kernel.org/stable/c/721eb342d9ba19bad5c4815ea3921465158b7362"
        },
        {
          "url": "https://git.kernel.org/stable/c/19c7d8ac51988d053709c1e85bd8482076af845d"
        },
        {
          "url": "https://git.kernel.org/stable/c/a1f686d273d129b45712d95f4095843b864466bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/d34f7a8aa9a25b7e64e0e46e444697c0f702374d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e58ae87ad1e6e24368dea9aec9048c758cd0e2b"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3f000f0dee1bfab52e2e61ca6a3835d9e187e35"
        }
      ],
      "title": "macvlan: observe an RCU grace period in macvlan_common_newlink() error path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23273",
    "datePublished": "2026-03-20T08:08:54.111Z",
    "dateReserved": "2026-01-13T15:37:45.991Z",
    "dateUpdated": "2026-05-23T16:04:27.068Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-23273",
      "date": "2026-06-16",
      "epss": "0.00119",
      "percentile": "0.02104"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-23273\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-03-20T09:16:12.847\",\"lastModified\":\"2026-04-02T15:16:29.503\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmacvlan: observe an RCU grace period in macvlan_common_newlink() error path\\n\\nvalis reported that a race condition still happens after my prior patch.\\n\\nmacvlan_common_newlink() might have made @dev visible before\\ndetecting an error, and its caller will directly call free_netdev(dev).\\n\\nWe must respect an RCU period, either in macvlan or the core networking\\nstack.\\n\\nAfter adding a temporary mdelay(1000) in macvlan_forward_source_one()\\nto open the race window, valis repro was:\\n\\nip link add p1 type veth peer p2\\nip link set address 00:00:00:00:00:20 dev p1\\nip link set up dev p1\\nip link set up dev p2\\nip link add mv0 link p2 type macvlan mode source\\n\\n(ip link add invalid% link p2 type macvlan mode source macaddr add\\n00:00:00:00:00:20 \u0026) ; sleep 0.5 ; ping -c1 -I p1 1.2.3.4\\nPING 1.2.3.4 (1.2.3.4): 56 data bytes\\nRTNETLINK answers: Invalid argument\\n\\nBUG: KASAN: slab-use-after-free in macvlan_forward_source\\n(drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\nRead of size 8 at addr ffff888016bb89c0 by task e/175\\n\\nCPU: 1 UID: 1000 PID: 175 Comm: e Not tainted 6.19.0-rc8+ #33 NONE\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\\nCall Trace:\\n\u003cIRQ\u003e\\ndump_stack_lvl (lib/dump_stack.c:123)\\nprint_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\\n? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\nkasan_report (mm/kasan/report.c:597)\\n? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\nmacvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\n? tasklet_init (kernel/softirq.c:983)\\nmacvlan_handle_frame (drivers/net/macvlan.c:501)\\n\\nAllocated by task 169:\\nkasan_save_stack (mm/kasan/common.c:58)\\nkasan_save_track (./arch/x86/include/asm/current.h:25\\nmm/kasan/common.c:70 mm/kasan/common.c:79)\\n__kasan_kmalloc (mm/kasan/common.c:419)\\n__kvmalloc_node_noprof (./include/linux/kasan.h:263 mm/slub.c:5657\\nmm/slub.c:7140)\\nalloc_netdev_mqs (net/core/dev.c:12012)\\nrtnl_create_link (net/core/rtnetlink.c:3648)\\nrtnl_newlink (net/core/rtnetlink.c:3830 net/core/rtnetlink.c:3957\\nnet/core/rtnetlink.c:4072)\\nrtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\\nnetlink_rcv_skb (net/netlink/af_netlink.c:2550)\\nnetlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\\nnetlink_sendmsg (net/netlink/af_netlink.c:1894)\\n__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)\\n__x64_sys_sendto (net/socket.c:2209)\\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)\\n\\nFreed by task 169:\\nkasan_save_stack (mm/kasan/common.c:58)\\nkasan_save_track (./arch/x86/include/asm/current.h:25\\nmm/kasan/common.c:70 mm/kasan/common.c:79)\\nkasan_save_free_info (mm/kasan/generic.c:587)\\n__kasan_slab_free (mm/kasan/common.c:287)\\nkfree (mm/slub.c:6674 mm/slub.c:6882)\\nrtnl_newlink (net/core/rtnetlink.c:3845 net/core/rtnetlink.c:3957\\nnet/core/rtnetlink.c:4072)\\nrtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\\nnetlink_rcv_skb (net/netlink/af_netlink.c:2550)\\nnetlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\\nnetlink_sendmsg (net/netlink/af_netlink.c:1894)\\n__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)\\n__x64_sys_sendto (net/socket.c:2209)\\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\\n\\nmacvlan: observar un per\u00edodo de gracia RCU en la ruta de error de macvlan_common_newlink()\\n\\nvalis inform\u00f3 que una condici\u00f3n de carrera todav\u00eda ocurre despu\u00e9s de mi parche anterior.\\n\\nmacvlan_common_newlink() podr\u00eda haber hecho visible a @dev antes de detectar un error, y su llamador llamar\u00e1 directamente a free_netdev(dev).\\n\\nDebemos respetar un per\u00edodo RCU, ya sea en macvlan o en la pila de red central.\\n\\nDespu\u00e9s de a\u00f1adir un mdelay(1000) temporal en macvlan_forward_source_one() para abrir la ventana de carrera, la reproducci\u00f3n de valis fue:\\n\\nip link add p1 type veth peer p2\\nip link set address 00:00:00:00:00:20 dev p1\\nip link set up dev p1\\nip link set up dev p2\\nip link add mv0 link p2 type macvlan mode source\\n\\n(ip link add invalid% link p2 type macvlan mode source macaddr add 00:00:00:00:00:20 \u0026amp;) ; sleep 0.5 ; ping -c1 -I p1 1.2.3.4\\nPING 1.2.3.4 (1.2.3.4): 56 data bytes\\nRTNETLINK answers: Invalid argument\\n\\nBUG: KASAN: slab-uso despu\u00e9s de liberaci\u00f3n en macvlan_forward_source\\n(drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\nRead of size 8 at addr ffff888016bb89c0 by task e/175\\n\\nCPU: 1 UID: 1000 PID: 175 Comm: e Not tainted 6.19.0-rc8+ #33 NONE\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\\nCall Trace:\\n\\ndump_stack_lvl (lib/dump_stack.c:123)\\nprint_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\\n? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\nkasan_report (mm/kasan/report.c:597)\\n? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\nmacvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\n? tasklet_init (kernel/softirq.c:983)\\nmacvlan_handle_frame (drivers/net/macvlan.c:501)\\n\\nAllocated by task 169:\\nkasan_save_stack (mm/kasan/common.c:58)\\nkasan_save_track (./arch/x86/include/asm/current.h:25\\nmm/kasan/common.c:70 mm/kasan/common.c:79)\\n__kasan_kmalloc (mm/kasan/common.c:419)\\n__kvmalloc_node_noprof (./include/linux/kasan.h:263 mm/slub.c:5657\\nmm/slub.c:7140)\\nalloc_netdev_mqs (net/core/dev.c:12012)\\nrtnl_create_link (net/core/rtnetlink.c:3648)\\nrtnl_newlink (net/core/rtnetlink.c:3830 net/core/rtnetlink.c:3957\\nnet/core/rtnetlink.c:4072)\\nrtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\\nnetlink_rcv_skb (net/netlink/af_netlink.c:2550)\\nnetlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\\nnetlink_sendmsg (net/netlink/af_netlink.c:1894)\\n__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)\\n__x64_sys_sendto (net/socket.c:2209)\\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)\\n\\nFreed by task 169:\\nkasan_save_stack (mm/kasan/common.c:58)\\nkasan_save_track (./arch/x86/include/asm/current.h:25\\nmm/kasan/common.c:70 mm/kasan/common.c:79)\\nkasan_save_free_info (mm/kasan/generic.c:587)\\n__kasan_slab_free (mm/kasan/common.c:287)\\nkfree (mm/slub.c:6674 mm/slub.c:6882)\\nrtnl_newlink (net/core/rtnetlink.c:3845 net/core/rtnetlink.c:3957\\nnet/core/rtnetlink.c:4072)\\nrtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\\nnetlink_rcv_skb (net/netlink/af_netlink.c:2550)\\nnetlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\\nnetlink_sendmsg (net/netlink/af_netlink.c:1894)\\n__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)\\n__x64_sys_sendto (net/socket.c:2209)\\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/19c7d8ac51988d053709c1e85bd8482076af845d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1e58ae87ad1e6e24368dea9aec9048c758cd0e2b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3d94323c80d7fc4da5f10f9bb06a45d39d5d3cc4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/721eb342d9ba19bad5c4815ea3921465158b7362\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/91e4ff8d966978901630fc29582c1a76d3c6e46c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a1f686d273d129b45712d95f4095843b864466bd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d34f7a8aa9a25b7e64e0e46e444697c0f702374d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e3f000f0dee1bfab52e2e61ca6a3835d9e187e35\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.