[SRU][Q][PATCH 0/1] erspan: Initialize options_len before referencing options.

Frode Nordahl fnordahl at ubuntu.com
Tue Jan 20 10:14:04 UTC 2026


BugLink: https://launchpad.net/bugs/2129580

SRU Justification:
[ Impact ]

Due to a false negative result of runtime bounds checking, a kernel panic occurs on reception of an erspan packet.

A bug has been discovered in the kernel networking code for handling of erspan packets. It manifests itself when FORTIFY_SOURCE is enabled and a GCC 15.2+ compiler is used, both of which are true for Ubuntu Questing and onwards.

[ Test Plan ]

The Open vSwitch system test suite triggers the panic, and consequently it can be used to confirm the fix.

[ Where problems could occur ]

The false negative occurs due to the incorrect order of referencing the counter and the data protected by it. The fix is trivial and has been merged both to mainline and stable for some time.

Probability of it causing undesired effects is minimal.


Frode Nordahl (1):
  erspan: Initialize options_len before referencing options.

 net/ipv4/ip_gre.c  | 6 ++++--
 net/ipv6/ip6_gre.c | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

-- 
2.51.0
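The ordering problem described in the cover letter, as an added user-space example that is not part of the original message or the kernel patch: when a bounds check is sized by a counter, writing the data before setting the counter makes the check see zero and reject a copy that actually fits. The struct, the `checked_opts_copy` check model, `fill_options` and the sample bytes are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a tunnel-info object: a counter followed by
 * the option bytes it describes (names modelled on the patch subject). */
struct tun_info {
    uint8_t options_len;   /* counter */
    uint8_t options[];     /* data protected by the counter */
};

/* Constructed sample metadata, not captured from a real erspan packet. */
static const uint8_t sample_md[8] = { 0x10, 0x00, 0x00, 0x01, 0, 0, 0, 0 };

/* Assumed model of the runtime bounds check: a write is allowed only if it
 * fits the size currently recorded in the counter. Returns -1 where a
 * fortified build would trap. */
static int checked_opts_copy(struct tun_info *info, const void *src, size_t n)
{
    if (n > info->options_len)
        return -1;
    memcpy(info->options, src, n);
    return 0;
}

/* order_fixed == 0: write options, then set options_len (before the fix).
 * order_fixed == 1: set options_len, then write options (after the fix).
 * Returns 0 if the copy passed, -1 if rejected, -2 on bad input. */
int fill_options(const uint8_t *md, size_t n, int order_fixed)
{
    struct tun_info *info;
    int rc;
    if (n > UINT8_MAX || !(info = calloc(1, sizeof(*info) + n)))
        return -2;
    if (order_fixed)
        info->options_len = (uint8_t)n;
    rc = checked_opts_copy(info, md, n);   /* check reads the counter now */
    info->options_len = (uint8_t)n;
    free(info);
    return rc;
}

int main(void)
{
    printf("before fix: %d\n", fill_options(sample_md, sizeof(sample_md), 0));
    printf("after fix:  %d\n", fill_options(sample_md, sizeof(sample_md), 1));
    return 0;
}
```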



