In the Linux kernel, the following vulnerability has been resolved:

seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors

input_action_end_dx4() and input_action_end_dx6() call NF_HOOK() for the PREROUTING hook. In the PREROUTING hook, we should pass a valid indev and a NULL outdev to NF_HOOK(), otherwise it may trigger a NULL pointer dereference, as below:

    [74830.647293] BUG: kernel NULL pointer dereference, address: 0000000000000090
    [74830.655633] #PF: supervisor read access in kernel mode
    [74830.657888] #PF: error_code(0x0000) - not-present page
    [74830.659500] PGD 0 P4D 0
    [74830.660450] Oops: 0000 [#1] PREEMPT SMP PTI
    ...
    [74830.664953] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
    [74830.666569] RIP: 0010:rpfilter_mt+0x44/0x15e [ipt_rpfilter]
    ...
    [74830.689725] Call Trace:
    [74830.690402]  <IRQ>
    [74830.690953]  ? show_trace_log_lvl+0x1c4/0x2df
    [74830.692020]  ? show_trace_log_lvl+0x1c4/0x2df
    [74830.693095]  ? ipt_do_table+0x286/0x710 [ip_tables]
    [74830.694275]  ? __die_body.cold+0x8/0xd
    [74830.695205]  ? page_fault_oops+0xac/0x140
    [74830.696244]  ? exc_page_fault+0x62/0x150
    [74830.697225]  ? asm_exc_page_fault+0x22/0x30
    [74830.698344]  ? rpfilter_mt+0x44/0x15e [ipt_rpfilter]
    [74830.699540]  ipt_do_table+0x286/0x710 [ip_tables]
    [74830.700758]  ? ip6_route_input+0x19d/0x240
    [74830.701752]  nf_hook_slow+0x3f/0xb0
    [74830.702678]  input_action_end_dx4+0x19b/0x1e0
    [74830.703735]  ? input_action_end_t+0xe0/0xe0
    [74830.704734]  seg6_local_input_core+0x2d/0x60
    [74830.705782]  lwtunnel_input+0x5b/0xb0
    [74830.706690]  __netif_receive_skb_one_core+0x63/0xa0
    [74830.707825]  process_backlog+0x99/0x140
    [74830.709538]  __napi_poll+0x2c/0x160
    [74830.710673]  net_rx_action+0x296/0x350
    [74830.711860]  __do_softirq+0xcb/0x2ac
    [74830.713049]  do_softirq+0x63/0x90

input_action_end_dx4() passes a NULL indev to NF_HOOK(), and finally triggers a NULL dereference in rpfilter_mt()->rpfilter_is_loopback():

    static bool
    rpfilter_is_loopback(const struct sk_buff *skb,
                         const struct net_device *in)
    {
            // in is NULL
            return skb->pkt_type == PACKET_LOOPBACK ||
                   in->flags & IFF_LOOPBACK;
    }
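
The PREROUTING device contract described above, as an added userspace model; this is not kernel code and not part of the original commit. The struct layouts, is_loopback(), prerouting_hook(), the two call_* helpers and demo() are hypothetical stand-ins, and placing the device in the outdev slot of the faulty call is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>
/* Userspace stand-ins for the kernel types; only the fields used here. */
#define IFF_LOOPBACK    0x8
#define PACKET_LOOPBACK 5
struct net_device { unsigned int flags; };
struct sk_buff    { unsigned char pkt_type; struct net_device *dev; };

/* Same expression as the loopback check quoted above: it trusts `in`. */
static bool is_loopback(const struct sk_buff *skb, const struct net_device *in)
{
    return skb->pkt_type == PACKET_LOOPBACK || in->flags & IFF_LOOPBACK;
}

/* Hypothetical PREROUTING dispatcher: enforces valid indev / NULL outdev
 * before any match runs. Returns 1 = loopback, 0 = not, -1 = bad args. */
static int prerouting_hook(const struct sk_buff *skb,
        const struct net_device *in, const struct net_device *out)
{
    if (in == NULL || out != NULL)
        return -1;
    return is_loopback(skb, in);
}

/* Faulty call: NULL indev. Passing the device as outdev is an assumption. */
static int call_before_fix(const struct sk_buff *skb)
{
    return prerouting_hook(skb, NULL, skb->dev);
}

/* Corrected call: valid indev, NULL outdev. */
static int call_after_fix(const struct sk_buff *skb)
{
    return prerouting_hook(skb, skb->dev, NULL);
}

/* Constructed packet on a device with the given flags. */
static int demo(bool fixed, unsigned int dev_flags)
{
    struct net_device dev = { .flags = dev_flags };
    struct sk_buff skb = { .pkt_type = 0, .dev = &dev };
    return fixed ? call_after_fix(&skb) : call_before_fix(&skb);
}

int main(void)
{
    printf("%d %d %d\n", demo(false, 0), demo(true, 0), demo(true, IFF_LOOPBACK));
    return 0;
}
```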