APPLIED: [SRU][J:bluefield/N:bluefield][PATCH 0/1] linux-bluefield is vulnerable to CVE-2025-21857 (LP: #2109993)
Kuba Pawlak
kuba.pawlak at canonical.com
Fri May 30 14:50:53 UTC 2025
On 30.05.2025 13:01, Massimiliano Pellizzer wrote:
> BugLink: https://bugs.launchpad.net/bugs/2109993
>
> [ Impact ]
>
> net/sched: cls_api: fix error handling causing NULL dereference
>
> tcf_exts_miss_cookie_base_alloc() calls xa_alloc_cyclic() which can
> return 1 if the allocation succeeded after wrapping. This was treated as
> an error, with value 1 returned to caller tcf_exts_init_ex() which sets
> exts->actions to NULL and returns 1 to caller fl_change().
>
> fl_change() treats err == 1 as success, calling tcf_exts_validate_ex()
> which calls tcf_action_init() with exts->actions as argument, where it
> is dereferenced.
>
> [ Fix ]
>
> Cherry pick the fix commit from mainline:
> - 071ed42cff4f net/sched: cls_api: fix error handling causing NULL dereference
>
> [ Test Plan ]
>
> Compile tested.
>
> [ Where Problems Could Occur ]
>
> A regression here is unlikely due to the very limited scope
> of the patch.
>
> [ Other Info ]
>
> This patch targets bluefield kernels only.
> Noble generic will receive the patch through stable updates,
> or in a separate patchset.
>
Applied-by: Kuba Pawlak <kuba.pawlak at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x216A9D7E3B63DCB4.asc
Type: application/pgp-keys
Size: 3139 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250530/6c5c0246/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250530/6c5c0246/attachment-0001.sig>
More information about the kernel-team
mailing list