oss-sec mailing list archives
Re: [CVE-2023-42754] null pointer dereference in Linux kernel ipv4 stack
From: Kyle Zeng <zengyhkyle () gmail com>
Date: Mon, 2 Oct 2023 13:27:51 -0700
On Mon, Oct 02, 2023 at 10:21:06PM +0200, Solar Designer wrote:
> On Mon, Oct 02, 2023 at 12:53:20PM -0700, Kyle Zeng wrote:
> > when the skb is rerouted through ipvs, its skb->dev is NULL. Then the following `dev_net` call, which accesses `dev->nd_net`, becomes null pointer dereference.
>
> When reporting issues like this, please always note the privileges required for attack. For the example above, it appears to be CAP_NET_ADMIN within the namespace:

Yes, to the best of my knowledge, CAP_NET_ADMIN is required for triggering the bug (at least for the attached proof-of-concept code), which can be obtained in a user namespace (enabled by default in most desktop environments).

And thank you for letting me know. I will report the privilege requirement properly next time.

Best,
Kyle Zeng
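
A host-side check for the privilege requirement discussed in this message, added here as an example and not part of the original thread: it reports whether sysctl settings let unprivileged users create user namespaces, which is how CAP_NET_ADMIN becomes reachable without root. The function names and verdict strings are this example's own; the three sysctl knobs are the upstream `user.max_user_namespaces` and the distribution-specific `kernel.unprivileged_userns_clone` and `kernel.apparmor_restrict_unprivileged_userns`.

```shell
#!/bin/sh
# Added example (not from the thread): classify a host's exposure to bugs that
# need CAP_NET_ADMIN inside an unprivileged user namespace.
# Assumption: only sysctl knobs are inspected; seccomp filters, container
# runtime policy and LSM profiles can restrict namespaces further.

# Print the value of one sysctl file with whitespace stripped, or nothing
# if the knob does not exist on this kernel.
read_knob() {
    if [ -r "$1" ]; then tr -d '[:space:]' < "$1"; fi
}

# $1 = sysctl root (default /proc/sys; overridable to test on a constructed tree)
# Prints one verdict:
#   blocked    - unprivileged user namespaces are disabled by sysctl
#   restricted - AppArmor limits them to confined profiles (Ubuntu 23.10+)
#   open       - no sysctl restriction found
#   unknown    - the upstream knob is missing or unreadable
userns_exposure() {
    root=${1:-/proc/sys}
    max=$(read_knob "$root/user/max_user_namespaces")
    clone=$(read_knob "$root/kernel/unprivileged_userns_clone")  # Debian/Ubuntu patch
    aa=$(read_knob "$root/kernel/apparmor_restrict_unprivileged_userns")

    if [ -z "$max" ]; then
        echo unknown
    elif [ "$max" = 0 ] || [ "$clone" = 0 ]; then
        echo blocked
    elif [ "$aa" = 1 ]; then
        echo restricted
    else
        echo open
    fi
}

# Report for the running system (or for the tree given as the first argument).
echo "unprivileged user namespaces: $(userns_exposure "${1:-/proc/sys}")"
```

On hosts that do not need unprivileged user namespaces, setting `user.max_user_namespaces=0` (or `kernel.unprivileged_userns_clone=0` where that knob exists) moves the verdict to `blocked`.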