In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: replace physindev with physinif in nfbridgeinfo An skb can be added to a neigh->arpqueue while waiting for an arp reply. Where original skb's skb->dev can be different to neigh's neigh->dev. For instance in case of bridging dnated skb from one veth to another, the skb would be added to a neigh->arpqueue of the bridge. As skb->dev can be reset back to nfbridge->physindev and used, and as there is no explicit mechanism that prevents this physindev from been freed under us (for instance neighflushdev doesn't cleanup skbs from different device's neigh queue) we can crash on e.g. this stack: arpprocess neighupdate skb = _skbdequeue(&neigh->arpqueue) neighresolveoutput(..., skb) ... brnfdevxmit brnfpreroutingfinishbridgeslow skb->dev = nfbridge->physindev brhandleframefinish Let's use plain ifindex instead of netdevice link. To peek into the original netdevice we will use devgetbyindex_rcu(). Thus either we get device and are safe to use it or we don't get it and drop skb.
{ "binaries": [ { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-azure-6.5-cloud-tools-6.5.0-1022" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-azure-6.5-headers-6.5.0-1022" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-azure-6.5-tools-6.5.0-1022" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-buildinfo-6.5.0-1022-azure" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-cloud-tools-6.5.0-1022-azure" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-headers-6.5.0-1022-azure" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1022-azure" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1022-azure-dbgsym" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-modules-6.5.0-1022-azure" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-modules-extra-6.5.0-1022-azure" }, { "binary_version": "6.5.0-1022.23~22.04.1", "binary_name": "linux-tools-6.5.0-1022-azure" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-buildinfo-6.5.0-1022-gcp" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-gcp-6.5-headers-6.5.0-1022" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-gcp-6.5-tools-6.5.0-1022" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-headers-6.5.0-1022-gcp" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1022-gcp" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1022-gcp-dbgsym" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-modules-6.5.0-1022-gcp" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-modules-extra-6.5.0-1022-gcp" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-modules-iwlwifi-6.5.0-1022-gcp" }, { "binary_version": "6.5.0-1022.24~22.04.1", "binary_name": "linux-tools-6.5.0-1022-gcp" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-buildinfo-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-buildinfo-6.5.0-41-generic-64k" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-cloud-tools-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-headers-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-headers-6.5.0-41-generic-64k" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-hwe-6.5-cloud-tools-6.5.0-41" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-hwe-6.5-cloud-tools-common" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-hwe-6.5-headers-6.5.0-41" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-hwe-6.5-tools-6.5.0-41" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-hwe-6.5-tools-common" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-hwe-6.5-tools-host" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-image-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-image-6.5.0-41-generic-dbgsym" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-image-unsigned-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-image-unsigned-6.5.0-41-generic-64k" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-image-unsigned-6.5.0-41-generic-64k-dbgsym" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-image-unsigned-6.5.0-41-generic-dbgsym" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-modules-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-modules-6.5.0-41-generic-64k" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-modules-extra-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-modules-ipu6-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-modules-ivsc-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-modules-iwlwifi-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-source-6.5.0" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-tools-6.5.0-41-generic" }, { "binary_version": "6.5.0-41.41~22.04.2", "binary_name": "linux-tools-6.5.0-41-generic-64k" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-buildinfo-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-buildinfo-6.5.0-41-lowlatency-64k" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-cloud-tools-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-headers-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-headers-6.5.0-41-lowlatency-64k" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-41-lowlatency-64k" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-41-lowlatency-64k-dbgsym" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-41-lowlatency-dbgsym" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-cloud-tools-6.5.0-41" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-cloud-tools-common" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-headers-6.5.0-41" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-lib-rust-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-tools-6.5.0-41" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-tools-common" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-lowlatency-hwe-6.5-tools-host" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-modules-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-modules-6.5.0-41-lowlatency-64k" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-modules-iwlwifi-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-tools-6.5.0-41-lowlatency" }, { "binary_version": "6.5.0-41.41.1~22.04.1", "binary_name": "linux-tools-6.5.0-41-lowlatency-64k" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-1021.22", "binary_name": "linux-buildinfo-6.5.0-1021-nvidia" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-buildinfo-6.5.0-1021-nvidia-64k" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-headers-6.5.0-1021-nvidia" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-headers-6.5.0-1021-nvidia-64k" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-image-unsigned-6.5.0-1021-nvidia" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-image-unsigned-6.5.0-1021-nvidia-64k" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-image-unsigned-6.5.0-1021-nvidia-64k-dbgsym" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-image-unsigned-6.5.0-1021-nvidia-dbgsym" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-modules-6.5.0-1021-nvidia" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-modules-6.5.0-1021-nvidia-64k" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-modules-extra-6.5.0-1021-nvidia" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-modules-nvidia-fs-6.5.0-1021-nvidia" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-modules-nvidia-fs-6.5.0-1021-nvidia-64k" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-nvidia-6.5-headers-6.5.0-1021" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-nvidia-6.5-tools-6.5.0-1021" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-nvidia-6.5-tools-host" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-tools-6.5.0-1021-nvidia" }, { "binary_version": "6.5.0-1021.22", "binary_name": "linux-tools-6.5.0-1021-nvidia-64k" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-1024.25", "binary_name": "linux-buildinfo-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-headers-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-image-unsigned-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-image-unsigned-6.5.0-1024-oem-dbgsym" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-modules-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-modules-ipu6-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-modules-ivsc-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-modules-iwlwifi-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-modules-usbio-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-oem-6.5-headers-6.5.0-1024" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-oem-6.5-lib-rust-6.5.0-1024-oem" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-oem-6.5-tools-6.5.0-1024" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-oem-6.5-tools-host" }, { "binary_version": "6.5.0-1024.25", "binary_name": "linux-tools-6.5.0-1024-oem" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-buildinfo-6.5.0-1024-oracle" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-buildinfo-6.5.0-1024-oracle-64k" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-headers-6.5.0-1024-oracle" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-headers-6.5.0-1024-oracle-64k" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1024-oracle" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1024-oracle-64k" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1024-oracle-64k-dbgsym" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-image-unsigned-6.5.0-1024-oracle-dbgsym" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-modules-6.5.0-1024-oracle" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-modules-6.5.0-1024-oracle-64k" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-modules-extra-6.5.0-1024-oracle" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-modules-extra-6.5.0-1024-oracle-64k" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-oracle-6.5-headers-6.5.0-1024" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-oracle-6.5-tools-6.5.0-1024" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-tools-6.5.0-1024-oracle" }, { "binary_version": "6.5.0-1024.24~22.04.1", "binary_name": "linux-tools-6.5.0-1024-oracle-64k" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-buildinfo-6.5.0-40-generic" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-headers-6.5.0-40-generic" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-image-6.5.0-40-generic" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-image-6.5.0-40-generic-dbgsym" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-modules-6.5.0-40-generic" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-modules-extra-6.5.0-40-generic" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-riscv-6.5-headers-6.5.0-40" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-riscv-6.5-tools-6.5.0-40" }, { "binary_version": "6.5.0-40.40.1~22.04.1", "binary_name": "linux-tools-6.5.0-40-generic" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-buildinfo-6.5.0-1015-starfive" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-headers-6.5.0-1015-starfive" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-image-6.5.0-1015-starfive" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-image-6.5.0-1015-starfive-dbgsym" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-modules-6.5.0-1015-starfive" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-modules-extra-6.5.0-1015-starfive" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-starfive-6.5-headers-6.5.0-1015" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-starfive-6.5-tools-6.5.0-1015" }, { "binary_version": "6.5.0-1015.16~22.04.1", "binary_name": "linux-tools-6.5.0-1015-starfive" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "6.8.0-2001.1", "binary_name": "linux-buildinfo-6.8.0-2001-raspi-realtime" }, { "binary_version": "6.8.0-2001.1", "binary_name": "linux-headers-6.8.0-2001-raspi-realtime" }, { "binary_version": "6.8.0-2001.1", "binary_name": "linux-image-6.8.0-2001-raspi-realtime" }, { "binary_version": "6.8.0-2001.1", "binary_name": "linux-image-6.8.0-2001-raspi-realtime-dbgsym" }, { "binary_version": "6.8.0-2001.1", "binary_name": "linux-modules-6.8.0-2001-raspi-realtime" }, { "binary_version": "6.8.0-2001.1", "binary_name": "linux-raspi-realtime-headers-6.8.0-2001" }, { "binary_version": "6.8.0-2001.1", "binary_name": "linux-raspi-realtime-tools-6.8.0-2001" }, { "binary_version": "6.8.0-2001.1", "binary_name": "linux-tools-6.8.0-2001-raspi-realtime" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }