ACK: [SRU][J:bluefield/N:bluefield][PATCH 0/1] linux-bluefield is vulnerable to CVE-2025-21857 (LP: #2109993)
Jose Ogando
jose.ogando at canonical.com
Fri May 30 14:16:20 UTC 2025
Acked-by: Jose Ogando <jose.ogando at canonical.com>
On Fri, 2025-05-30 at 13:01 +0200, Massimiliano Pellizzer wrote:
> BugLink: https://bugs.launchpad.net/bugs/2109993
>
> [ Impact ]
>
> net/sched: cls_api: fix error handling causing NULL dereference
>
> tcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can
> return 1 if the allocation succeeded after wrapping. This was treated
> as
> an error, with value 1 returned to caller tcf_exts_init_ex() which
> sets
> exts->actions to NULL and returns 1 to caller fl_change().
>
> fl_change() treats err == 1 as success, calling
> tcf_exts_validate_ex()
> which calls tcf_action_init() with exts->actions as argument, where
> it
> is dereferenced.
>
> [ Fix ]
>
> Cherry pick the fix commit from mainline:
> - 071ed42cff4f net/sched: cls_api: fix error handling causing NULL
> dereference
>
> [ Test Plan ]
>
> Compile tested.
>
> [ Where Problems Could Occur ]
>
> A regression here is unlikely due to the very limited scope
> of the patch.
>
> [ Other Info ]
>
> This patch targets bluefield kernels only.
> Noble generic will receive the patch through stable updates,
> or in a separate patchset.
>
More information about the kernel-team
mailing list