Re: IPv6 and Route of Death

[Andrew Worsley <amworsley () gmail com>]

I think debian stable/bullseye may not be vulnerable with standard kernel:

The exploit write up suggests it requires the ipv6_rpl_srh_compress()
routine to be compiled in
but from my reading of the code (see
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/include/net/rpl.h)
requires CONFIG_IPV6_RPL_LWTUNNEL to be define which isn't in my
latest debian amd64 kernel:

% grep CONFIG_IPV6_RPL_LWTUNNEL /boot/config-5.10.0-23-amd64
# CONFIG_IPV6_RPL_LWTUNNEL is not set

uname -a
Linux fast 5.10.0-23-amd64 #1 SMP Debian 5.10.179-1 (2023-05-12)
x86_64 GNU/Linux


On Thu, 18 May 2023 at 04:35, Erik Auerswald <auerswal () unix-ag uni-kl de> wrote:
> Hi all,
>
> On Wed, May 17, 2023 at 07:13:51PM +0200, Solar Designer wrote:
> > On Wed, May 17, 2023 at 10:02:31AM -0400, Jeffrey Walton wrote:
> > > This seems to have been dropped as a 0-day. I have not seen a CVE
> > > assigned to it.
> >
> > The "original writeup" you reference says this is CVE-2023-2156.
> >
> > > I _think_ this is the original writeup:
> > >
> > >   * https://www.interruptlabs.co.uk//articles/linux-ipv6-route-of-death
>
> It also mentions that "the bug patch didn't solve the underlying problem
> (ZDI confirmed this too), so we're still expecting another patch at
> some[ ]point."
....

Is this reasonable?

Thanks

Andrew