In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential “struct net” leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr() returns -EINVAL with an elevated “struct net” refcount.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | linux | < 6.1.82-1 | linux_6.1.82-1_all.deb |
Debian | 11 | all | linux | < 5.10.216-1 | linux_5.10.216-1_all.deb |
Debian | 10 | all | linux | < 4.19.249-2 | linux_4.19.249-2_all.deb |
Debian | 999 | all | linux | < 6.7.9-1 | linux_6.7.9-1_all.deb |
Debian | 13 | all | linux | < 6.7.9-1 | linux_6.7.9-1_all.deb |