cve-2024-35886
Vulnerability from cvelistv5
Published
2024-05-19 08:34
Modified
2024-11-05 09:24
Severity ?
Summary
ipv6: Fix infinite recursion in fib6_dump_done().
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/40a344b2ddc06c1a2caa7208a43911f39c662778
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4a7c465a5dcd657d59d25bf4815e19ac05c13061
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9472d07cd095cbd3294ac54c42f304a38fbe9bfe
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9c5258196182c25b55c33167cd72fdd9bbf08985
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f2dd75e57285f49e34af1a5b6cd8945c08243776
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35886",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T15:12:24.428695Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:33:53.014Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.390Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9472d07cd095cbd3294ac54c42f304a38fbe9bfe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9c5258196182c25b55c33167cd72fdd9bbf08985"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/40a344b2ddc06c1a2caa7208a43911f39c662778"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f2dd75e57285f49e34af1a5b6cd8945c08243776"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4a7c465a5dcd657d59d25bf4815e19ac05c13061"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_fib.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9472d07cd095",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "9c5258196182",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "fd307f2d91d4",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "40a344b2ddc0",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "167d4b47a9bd",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "f2dd75e57285",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "4a7c465a5dcd",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "d21d40605bca",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_fib.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix infinite recursion in fib6_dump_done().\n\nsyzkaller reported infinite recursive calls of fib6_dump_done() during\nnetlink socket destruction.  [1]\n\nFrom the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE message, and then\nthe response was generated.  The following recvmmsg() resumed the dump\nfor IPv6, but the first call of inet6_dump_fib() failed at kzalloc() due\nto the fault injection.  [0]\n\n  12:01:34 executing program 3:\n  r0 = socket$nl_route(0x10, 0x3, 0x0)\n  sendmsg$nl_route(r0, ... snip ...)\n  recvmmsg(r0, ... snip ...) (fail_nth: 8)\n\nHere, fib6_dump_done() was set to nlk_sk(sk)-\u003ecb.done, and the next call\nof inet6_dump_fib() set it to nlk_sk(sk)-\u003ecb.args[3].  syzkaller stopped\nreceiving the response halfway through, and finally netlink_sock_destruct()\ncalled nlk_sk(sk)-\u003ecb.done().\n\nfib6_dump_done() calls fib6_dump_end() and nlk_sk(sk)-\u003ecb.done() if it\nis still not NULL.  fib6_dump_end() rewrites nlk_sk(sk)-\u003ecb.done() by\nnlk_sk(sk)-\u003ecb.args[3], but it has the same function, not NULL, calling\nitself recursively and hitting the stack guard page.\n\nTo avoid the issue, let\u0027s set the destructor after kzalloc().\n\n[0]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 1 PID: 432110 Comm: syz-executor.3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:117)\n should_fail_ex (lib/fault-inject.c:52 lib/fault-inject.c:153)\n should_failslab (mm/slub.c:3733)\n kmalloc_trace (mm/slub.c:3748 mm/slub.c:3827 mm/slub.c:3992)\n inet6_dump_fib (./include/linux/slab.h:628 ./include/linux/slab.h:749 net/ipv6/ip6_fib.c:662)\n rtnl_dump_all (net/core/rtnetlink.c:4029)\n netlink_dump (net/netlink/af_netlink.c:2269)\n netlink_recvmsg (net/netlink/af_netlink.c:1988)\n ____sys_recvmsg (net/socket.c:1046 net/socket.c:2801)\n ___sys_recvmsg (net/socket.c:2846)\n do_recvmmsg (net/socket.c:2943)\n __x64_sys_recvmmsg (net/socket.c:3041 net/socket.c:3034 net/socket.c:3034)\n\n[1]:\nBUG: TASK stack guard page was hit at 00000000f2fa9af1 (stack is 00000000b7912430..000000009a436beb)\nstack guard page: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 PID: 223719 Comm: kworker/1:3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: events netlink_sock_destruct_work\nRIP: 0010:fib6_dump_done (net/ipv6/ip6_fib.c:570)\nCode: 3c 24 e8 f3 e9 51 fd e9 28 fd ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 41 57 41 56 41 55 41 54 55 48 89 fd \u003c53\u003e 48 8d 5d 60 e8 b6 4d 07 fd 48 89 da 48 b8 00 00 00 00 00 fc ff\nRSP: 0018:ffffc9000d980000 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffffffff84405990 RCX: ffffffff844059d3\nRDX: ffff8881028e0000 RSI: ffffffff84405ac2 RDI: ffff88810c02f358\nRBP: ffff88810c02f358 R08: 0000000000000007 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000224 R12: 0000000000000000\nR13: ffff888007c82c78 R14: ffff888007c82c68 R15: ffff888007c82c68\nFS:  0000000000000000(0000) GS:ffff88811b100000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000d97fff8 CR3: 0000000102309002 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003c#DF\u003e\n \u003c/#DF\u003e\n \u003cTASK\u003e\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n ...\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n netlink_sock_destruct (net/netlink/af_netlink.c:401)\n __sk_destruct (net/core/sock.c:2177 (discriminator 2))\n sk_destruct (net/core/sock.c:2224)\n __sk_free (net/core/sock.c:2235)\n sk_free (net/core/sock.c:2246)\n process_one_work (kernel/workqueue.c:3259)\n worker_thread (kernel/workqueue.c:3329 kernel/workqueue.\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:24:27.370Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9472d07cd095cbd3294ac54c42f304a38fbe9bfe"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c5258196182c25b55c33167cd72fdd9bbf08985"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/40a344b2ddc06c1a2caa7208a43911f39c662778"
        },
        {
          "url": "https://git.kernel.org/stable/c/167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2"
        },
        {
          "url": "https://git.kernel.org/stable/c/f2dd75e57285f49e34af1a5b6cd8945c08243776"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a7c465a5dcd657d59d25bf4815e19ac05c13061"
        },
        {
          "url": "https://git.kernel.org/stable/c/d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae"
        }
      ],
      "title": "ipv6: Fix infinite recursion in fib6_dump_done().",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35886",
    "datePublished": "2024-05-19T08:34:42.694Z",
    "dateReserved": "2024-05-17T13:50:33.112Z",
    "dateUpdated": "2024-11-05T09:24:27.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-35886\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-19T09:15:09.757\",\"lastModified\":\"2024-11-05T10:16:49.100\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nipv6: Fix infinite recursion in fib6_dump_done().\\n\\nsyzkaller reported infinite recursive calls of fib6_dump_done() during\\nnetlink socket destruction.  [1]\\n\\nFrom the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE message, and then\\nthe response was generated.  The following recvmmsg() resumed the dump\\nfor IPv6, but the first call of inet6_dump_fib() failed at kzalloc() due\\nto the fault injection.  [0]\\n\\n  12:01:34 executing program 3:\\n  r0 = socket$nl_route(0x10, 0x3, 0x0)\\n  sendmsg$nl_route(r0, ... snip ...)\\n  recvmmsg(r0, ... snip ...) (fail_nth: 8)\\n\\nHere, fib6_dump_done() was set to nlk_sk(sk)-\u003ecb.done, and the next call\\nof inet6_dump_fib() set it to nlk_sk(sk)-\u003ecb.args[3].  syzkaller stopped\\nreceiving the response halfway through, and finally netlink_sock_destruct()\\ncalled nlk_sk(sk)-\u003ecb.done().\\n\\nfib6_dump_done() calls fib6_dump_end() and nlk_sk(sk)-\u003ecb.done() if it\\nis still not NULL.  fib6_dump_end() rewrites nlk_sk(sk)-\u003ecb.done() by\\nnlk_sk(sk)-\u003ecb.args[3], but it has the same function, not NULL, calling\\nitself recursively and hitting the stack guard page.\\n\\nTo avoid the issue, let\u0027s set the destructor after kzalloc().\\n\\n[0]:\\nFAULT_INJECTION: forcing a failure.\\nname failslab, interval 1, probability 0, space 0, times 0\\nCPU: 1 PID: 432110 Comm: syz-executor.3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\\nCall Trace:\\n \u003cTASK\u003e\\n dump_stack_lvl (lib/dump_stack.c:117)\\n should_fail_ex (lib/fault-inject.c:52 lib/fault-inject.c:153)\\n should_failslab (mm/slub.c:3733)\\n kmalloc_trace (mm/slub.c:3748 mm/slub.c:3827 mm/slub.c:3992)\\n inet6_dump_fib (./include/linux/slab.h:628 ./include/linux/slab.h:749 net/ipv6/ip6_fib.c:662)\\n rtnl_dump_all (net/core/rtnetlink.c:4029)\\n netlink_dump (net/netlink/af_netlink.c:2269)\\n netlink_recvmsg (net/netlink/af_netlink.c:1988)\\n ____sys_recvmsg (net/socket.c:1046 net/socket.c:2801)\\n ___sys_recvmsg (net/socket.c:2846)\\n do_recvmmsg (net/socket.c:2943)\\n __x64_sys_recvmmsg (net/socket.c:3041 net/socket.c:3034 net/socket.c:3034)\\n\\n[1]:\\nBUG: TASK stack guard page was hit at 00000000f2fa9af1 (stack is 00000000b7912430..000000009a436beb)\\nstack guard page: 0000 [#1] PREEMPT SMP KASAN\\nCPU: 1 PID: 223719 Comm: kworker/1:3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\\nWorkqueue: events netlink_sock_destruct_work\\nRIP: 0010:fib6_dump_done (net/ipv6/ip6_fib.c:570)\\nCode: 3c 24 e8 f3 e9 51 fd e9 28 fd ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 41 57 41 56 41 55 41 54 55 48 89 fd \u003c53\u003e 48 8d 5d 60 e8 b6 4d 07 fd 48 89 da 48 b8 00 00 00 00 00 fc ff\\nRSP: 0018:ffffc9000d980000 EFLAGS: 00010293\\nRAX: 0000000000000000 RBX: ffffffff84405990 RCX: ffffffff844059d3\\nRDX: ffff8881028e0000 RSI: ffffffff84405ac2 RDI: ffff88810c02f358\\nRBP: ffff88810c02f358 R08: 0000000000000007 R09: 0000000000000000\\nR10: 0000000000000000 R11: 0000000000000224 R12: 0000000000000000\\nR13: ffff888007c82c78 R14: ffff888007c82c68 R15: ffff888007c82c68\\nFS:  0000000000000000(0000) GS:ffff88811b100000(0000) knlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: ffffc9000d97fff8 CR3: 0000000102309002 CR4: 0000000000770ef0\\nPKRU: 55555554\\nCall Trace:\\n \u003c#DF\u003e\\n \u003c/#DF\u003e\\n \u003cTASK\u003e\\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\\n ...\\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\\n netlink_sock_destruct (net/netlink/af_netlink.c:401)\\n __sk_destruct (net/core/sock.c:2177 (discriminator 2))\\n sk_destruct (net/core/sock.c:2224)\\n __sk_free (net/core/sock.c:2235)\\n sk_free (net/core/sock.c:2246)\\n process_one_work (kernel/workqueue.c:3259)\\n worker_thread (kernel/workqueue.c:3329 kernel/workqueue.\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ipv6: Se corrigi\u00f3 la recursividad infinita en fib6_dump_done(). syzkaller inform\u00f3 infinitas llamadas recursivas de fib6_dump_done() durante la destrucci\u00f3n del socket netlink. [1] Desde el registro, syzkaller envi\u00f3 un mensaje AF_UNSPEC RTM_GETROUTE y luego se gener\u00f3 la respuesta. El siguiente recvmmsg() reanud\u00f3 el volcado para IPv6, pero la primera llamada de inet6_dump_fib() fall\u00f3 en kzalloc() debido a la inyecci\u00f3n de falla. [0] 12:01:34 ejecutando el programa 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, ... recorte ...) recvmmsg(r0, ... recorte ...) (fail_nth: 8) Aqu\u00ed, fib6_dump_done() se configur\u00f3 en nlk_sk(sk)-\u0026gt;cb.done, y la siguiente llamada de inet6_dump_fib() se configur\u00f3 en nlk_sk(sk)-\u0026gt;cb.args[3]. syzkaller dej\u00f3 de recibir la respuesta a la mitad y finalmente netlink_sock_destruct() llam\u00f3 a nlk_sk(sk)-\u0026gt;cb.done(). fib6_dump_done() llama a fib6_dump_end() y nlk_sk(sk)-\u0026gt;cb.done() si todav\u00eda no es NULL. fib6_dump_end() reescribe nlk_sk(sk)-\u0026gt;cb.done() por nlk_sk(sk)-\u0026gt;cb.args[3], pero tiene la misma funci\u00f3n, no NULL, llam\u00e1ndose a s\u00ed mismo de forma recursiva y accediendo a la p\u00e1gina de protecci\u00f3n de pila. Para evitar el problema, configuremos el destructor despu\u00e9s de kzalloc(). [0]: FAULT_INJECTION: forzando un fallo. nombre failslab, intervalo 1, probabilidad 0, espacio 0, tiempos 0 CPU: 1 PID: 432110 Comm: syz-executor.3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX , 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 01/04/2014 Seguimiento de llamadas:  dump_stack_lvl (lib/dump_stack.c:117) deber\u00eda_fail_ex (lib/fault-inject.c :52 lib/fault-inject.c:153) must_failslab (mm/slub.c:3733) kmalloc_trace (mm/slub.c:3748 mm/slub.c:3827 mm/slub.c:3992) inet6_dump_fib (./ include/linux/slab.h:628 ./include/linux/slab.h:749 net/ipv6/ip6_fib.c:662) rtnl_dump_all (net/core/rtnetlink.c:4029) netlink_dump (net/netlink/af_netlink. c:2269) netlink_recvmsg (net/netlink/af_netlink.c:1988) ____sys_recvmsg (net/socket.c:1046 net/socket.c:2801) ___sys_recvmsg (net/socket.c:2846) do_recvmmsg (net/socket.c :2943) __x64_sys_recvmmsg (net/socket.c:3041 net/socket.c:3034 net/socket.c:3034) [1]: ERROR: La p\u00e1gina de protecci\u00f3n de la pila de TAREA fue visitada en 00000000f2fa9af1 (la pila es 00000000b7912430..000000009a436be b) pila p\u00e1gina de protecci\u00f3n: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 223719 Comm: kworker/1:3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11 Nombre de hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996) , BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 01/04/2014 Cola de trabajo: eventos netlink_sock_destruct_work RIP: 0010:fib6_dump_done (net/ipv6/ip6_fib.c:570) C\u00f3digo: 3c 24 e8 f3 e9 51 fd e9 28 fd ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 41 57 41 56 41 55 41 54 55 48 89 fd \u0026lt;53\u0026gt; 48 8d 5d 60 e8 b6 4d 07 fd 48 89 da 48 b8 00 00 00 00 00 fc ff RSP: 0018:ffffc9000d980000 EFLAGS: 00010293 RAX: 00000000000000000 RBX: ffffffff84405990 RCX: ffffffff844059d3 RDX: 881028e0000 RSI: ffffffff84405ac2 RDI: ffff88810c02f358 RBP: ffff88810c02f358 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000000000000 0R11: 0000000000000224 R12: 0000000000000000 R13: ffff888007c82c78 R14: ffff888007c82c68 R15: ffff888007c82c68 FS: 0000000000000000(0000) ffff88811b100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffc9000d97fff8 CR3: 0000000102309002 000000000770ef0 PKRU : 55555554 Seguimiento de llamadas: \u0026lt;#DF\u0026gt;   fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminador 1)) fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminador 1)). .. fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminador 1)) fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminador 1)) netlink_sock_destruct (net/netlink/af_netlink.c:401) __sk_destruct (net/ core/sock.c:2177 (discriminador 2)) sk_destruct (net/core/sock.c:2224) __sk_free (net/core/sock.c:2235) sk_free (net/core/sock.c:2246) Process_one_work ( kernel/workqueue.c:3259)-truncado-\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/40a344b2ddc06c1a2caa7208a43911f39c662778\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4a7c465a5dcd657d59d25bf4815e19ac05c13061\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9472d07cd095cbd3294ac54c42f304a38fbe9bfe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9c5258196182c25b55c33167cd72fdd9bbf08985\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f2dd75e57285f49e34af1a5b6cd8945c08243776\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.