In the Linux kernel, the following vulnerability has been resolved:
net: fix possible store tearing in neigh_periodic_work()
While looking at a related syzbot report involving neigh_periodic_work(),
I found that I forgot to add an annotation when deleting an
RCU protected item from a list.
Readers use rcu_deference(*np), we need to use either
rcu_assign_pointer() or WRITE_ONCE() on writer side
to prevent store tearing.
I use rcu_assign_pointer() to have lockdep support,
this was the choice made in neigh_flush_dev().
Vendor | Product | Version | CPE |
---|---|---|---|
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
[
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "unaffected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"net/core/neighbour.c"
],
"versions": [
{
"version": "767e97e1e0db",
"lessThan": "95eabb075a59",
"status": "affected",
"versionType": "git"
},
{
"version": "767e97e1e0db",
"lessThan": "2ea52a2fb8e8",
"status": "affected",
"versionType": "git"
},
{
"version": "767e97e1e0db",
"lessThan": "147d89ee4143",
"status": "affected",
"versionType": "git"
},
{
"version": "767e97e1e0db",
"lessThan": "f82aac816287",
"status": "affected",
"versionType": "git"
},
{
"version": "767e97e1e0db",
"lessThan": "a75152d23337",
"status": "affected",
"versionType": "git"
},
{
"version": "767e97e1e0db",
"lessThan": "25563b581ba3",
"status": "affected",
"versionType": "git"
}
]
},
{
"product": "Linux",
"vendor": "Linux",
"defaultStatus": "affected",
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"programFiles": [
"net/core/neighbour.c"
],
"versions": [
{
"version": "2.6.37",
"status": "affected"
},
{
"version": "0",
"lessThan": "2.6.37",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.4.258",
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.10.198",
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "5.15.135",
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.1.57",
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.5.7",
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"versionType": "custom"
},
{
"version": "6.6",
"lessThanOrEqual": "*",
"status": "unaffected",
"versionType": "original_commit_for_fix"
}
]
}
]
git.kernel.org/stable/c/147d89ee41434b97043c2dcb17a97dc151859baa
git.kernel.org/stable/c/25563b581ba3a1f263a00e8c9a97f5e7363be6fd
git.kernel.org/stable/c/2ea52a2fb8e87067e26bbab4efb8872639240eb0
git.kernel.org/stable/c/95eabb075a5902f4c0834ab1fb12dc35730c05af
git.kernel.org/stable/c/a75152d233370362eebedb2643592e7c883cc9fc
git.kernel.org/stable/c/f82aac8162871e87027692b36af335a2375d4580