From bippy-4986f5686161 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2023-52579: ipv4: fix null-deref in ipv4_link_failure
Message-Id: <2024030257-CVE-2023-52579-af56@gregkh>
Content-Length: 2943
Lines: 64
X-Developer-Signature: v=1; a=openpgp-sha256; l=3008;
 i=gregkh@linuxfoundation.org; h=from:subject:message-id;
 bh=UFEOkDsJzgGB44rPcON0LWAsFBkTJqVTJ5ZZfgSh4PI=;
 b=owGbwMvMwCRo6H6F97bub03G02pJDKmPF8Zulen6cuye9bSJEzpOVhj17g9qLszXtw524l7dk
 y67uGJ+RywLgyATg6yYIsuXbTxH91ccUvQytD0NM4eVCWQIAxenAEwkZSPD/KTEO2kfUho+l/y8
 tCbpsE/8no+mXQzzY88Xems9sThxVWxlh5Z85/Pay/9EAA==
X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
 fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

ipv4: fix null-deref in ipv4_link_failure

Currently, we assume the skb is associated with a device before calling
__ip_options_compile, which is not always the case if it is re-routed by
ipvs.
When skb->dev is NULL, dev_net(skb->dev) will become null-dereference.
This patch adds a check for the edge case and switch to use the net_device
from the rtable when skb->dev is NULL.

The Linux kernel CVE team has assigned CVE-2023-52579 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.14.114 with commit 0a7e8300b7f4 and fixed in 4.14.327 with commit 084c7ac9e8d6
	Issue introduced in 4.19.37 with commit 7ba5ec69e1a7 and fixed in 4.19.296 with commit a2cf7bd75b39
	Issue introduced in 5.1 with commit ed0de45a1008 and fixed in 5.4.258 with commit 810fd23d9715
	Issue introduced in 5.1 with commit ed0de45a1008 and fixed in 5.10.198 with commit 8689c9ace976
	Issue introduced in 5.1 with commit ed0de45a1008 and fixed in 5.15.134 with commit 8860d354f653
	Issue introduced in 5.1 with commit ed0de45a1008 and fixed in 6.1.56 with commit 2712545e535d
	Issue introduced in 5.1 with commit ed0de45a1008 and fixed in 6.5.6 with commit cda20fcddf53
	Issue introduced in 5.1 with commit ed0de45a1008 and fixed in 6.6 with commit 0113d9c9d1cc

Please see https://www.kernel.org or a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52579
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/ipv4/route.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/084c7ac9e8d60bf21a423490021b7c3427312955
	https://git.kernel.org/stable/c/a2cf7bd75b3992e8df68dd5fdc6499b67d45f6e0
	https://git.kernel.org/stable/c/810fd23d9715474aa27997584e8fc9396ef3cb67
	https://git.kernel.org/stable/c/8689c9ace976d6c078e6dc844b09598796e84099
	https://git.kernel.org/stable/c/8860d354f653628b6330e1c5b06b2828948135a4
	https://git.kernel.org/stable/c/2712545e535d7a2e4c53b9c9658a9c88c6055862
	https://git.kernel.org/stable/c/cda20fcddf53f0f959641c8ef4d50ab87ffa5124
	https://git.kernel.org/stable/c/0113d9c9d1ccc07f5a3710dac4aa24b6d711278c
