In the Linux kernel, the following vulnerability has been resolved:
openvswitch: use RCU protection in ovsvportcmdfillinfo()
ovsvportcmdfillinfo() can be called without RTNL or RCU.
Use RCU protection and devnetrcu() to avoid potential UAF.
{ "urgency": "not yet assigned" }