[SRU][J:bluefield/N:bluefield][PATCH 0/1] linux-bluefield is vulnerable to CVE-2025-21857 (LP: #2109993)
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Fri May 30 11:01:05 UTC 2025
BugLink: https://bugs.launchpad.net/bugs/2109993
[ Impact ]
net/sched: cls_api: fix error handling causing NULL dereference
tcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can
return 1 if the allocation succeeded after wrapping. This was treated as
an error, with value 1 returned to caller tcf_exts_init_ex() which sets
exts->actions to NULL and returns 1 to caller fl_change().
fl_change() treats err == 1 as success, calling tcf_exts_validate_ex()
which calls tcf_action_init() with exts->actions as argument, where it
is dereferenced.
[ Fix ]
Cherry pick the fix commit from mainline:
- 071ed42cff4f net/sched: cls_api: fix error handling causing NULL dereference
[ Test Plan ]
Compile tested.
[ Where Problems Could Occur ]
A regression here is unlikely due to the very limited scope
of the patch.
[ Other Info ]
This patch targets bluefield kernels only.
Noble generic will receive the patch through stable updates,
or in a separate patchset.
More information about the kernel-team
mailing list