Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
net: sched: sfb: fix null pointer access issue when sfb_init() fails
When the default qdisc is sfb, if the qdisc of dev_queue fails to be initialized during mqprio_init(), sfb_reset() is invoked to clear resources. In this case, q->qdisc is NULL, and it will cause a GPF issue.
The process is as follows:
qdisc_create_dflt()
    sfb_init()
        tcf_block_get()          -->failed, q->qdisc is NULL
    …
    qdisc_put()
        …
        sfb_reset()
            qdisc_reset(q->qdisc)    -->q->qdisc is NULL
                ops = qdisc->ops
The following is the Call Trace information:
general protection fault, probably for non-canonical address
0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
RIP: 0010:qdisc_reset+0x2b/0x6f0
Call Trace:
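Added example (not part of the advisory or the kernel source): a Python triage helper that checks whether an oops in a collected kernel log matches the signature quoted above, by mapping the faulting KASAN shadow address back to the dereferenced offset. It assumes x86-64 generic KASAN constants; the names `triage` and `shadow_to_range` are hypothetical.

```python
import re

# Assumption: x86-64 generic KASAN layout (shadow offset and 8 bytes per shadow byte).
KASAN_SHADOW_OFFSET = 0xDFFFFC0000000000
KASAN_SHADOW_SCALE_SHIFT = 3

# Oops lines quoted on this page (first line joined as dmesg prints it);
# the page's trace ends at "Call Trace:", so nothing after it is used here.
SAMPLE_OOPS = """\
general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
RIP: 0010:qdisc_reset+0x2b/0x6f0
"""

GPF_RE = re.compile(r"non-canonical address\s+(0x[0-9a-f]+)", re.I)
RANGE_RE = re.compile(
    r"KASAN: null-ptr-deref in range \[(0x[0-9a-f]+)-(0x[0-9a-f]+)\]", re.I)
RIP_RE = re.compile(r"RIP: \w+:([\w.]+)\+(0x[0-9a-f]+)/(0x[0-9a-f]+)")


def shadow_to_range(shadow_addr):
    """Map a KASAN shadow byte address back to the 8-byte range it covers."""
    start = ((shadow_addr - KASAN_SHADOW_OFFSET)
             << KASAN_SHADOW_SCALE_SHIFT) & (2**64 - 1)
    return start, start + (1 << KASAN_SHADOW_SCALE_SHIFT) - 1


def triage(log_text):
    """Return decoded fields if the log holds a KASAN null-deref oops, else None."""
    gpf = GPF_RE.search(log_text)
    rng = RANGE_RE.search(log_text)
    rip = RIP_RE.search(log_text)
    if not (gpf and rng and rip):
        return None
    decoded = shadow_to_range(int(gpf.group(1), 16))
    reported = (int(rng.group(1), 16), int(rng.group(2), 16))
    return {
        "function": rip.group(1),
        "field_offset": decoded[0],  # offset from the NULL base pointer
        "shadow_consistent": decoded == reported,
        # Signature from this page: qdisc_reset faulting at offset 0x18.
        "matches_page": (rip.group(1) == "qdisc_reset"
                         and decoded == reported and reported[0] == 0x18),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_OOPS))
```

The decoded range 0x18-0x1f indicates a pointer-sized read at offset 0x18 from a NULL base, which fits the `ops = qdisc->ops` step in the flow above.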
Details
- Affected product:
  - AlmaLinux 9.2 ESU, CentOS 7 ELS, CentOS 8.4 ELS, CentOS 8.5 ELS, CloudLinux 7 ELS, Oracle Linux 7 ELS, RHEL 7 ELS, Ubuntu 16.04 ELS
- Affected packages:
  - linux @ 4.4.0 (+9 more)