CVE-2026-23273 (GCVE-0-2026-23273)
Vulnerability from cvelistv5 – Published: 2026-03-20 08:08 – Updated: 2026-03-20 08:08
VLAI?
Title
macvlan: observe an RCU grace period in macvlan_common_newlink() error path
Summary
In the Linux kernel, the following vulnerability has been resolved:
macvlan: observe an RCU grace period in macvlan_common_newlink() error path
valis reported that a race condition still happens after my prior patch.
macvlan_common_newlink() might have made @dev visible before
detecting an error, and its caller will directly call free_netdev(dev).
We must respect an RCU period, either in macvlan or the core networking
stack.
After adding a temporary mdelay(1000) in macvlan_forward_source_one()
to open the race window, valis repro was:
ip link add p1 type veth peer p2
ip link set address 00:00:00:00:00:20 dev p1
ip link set up dev p1
ip link set up dev p2
ip link add mv0 link p2 type macvlan mode source
(ip link add invalid% link p2 type macvlan mode source macaddr add
00:00:00:00:00:20 &) ; sleep 0.5 ; ping -c1 -I p1 1.2.3.4
PING 1.2.3.4 (1.2.3.4): 56 data bytes
RTNETLINK answers: Invalid argument
BUG: KASAN: slab-use-after-free in macvlan_forward_source
(drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)
Read of size 8 at addr ffff888016bb89c0 by task e/175
CPU: 1 UID: 1000 PID: 175 Comm: e Not tainted 6.19.0-rc8+ #33 NONE
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
Call Trace:
<IRQ>
dump_stack_lvl (lib/dump_stack.c:123)
print_report (mm/kasan/report.c:379 mm/kasan/report.c:482)
? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)
kasan_report (mm/kasan/report.c:597)
? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)
macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)
? tasklet_init (kernel/softirq.c:983)
macvlan_handle_frame (drivers/net/macvlan.c:501)
Allocated by task 169:
kasan_save_stack (mm/kasan/common.c:58)
kasan_save_track (./arch/x86/include/asm/current.h:25
mm/kasan/common.c:70 mm/kasan/common.c:79)
__kasan_kmalloc (mm/kasan/common.c:419)
__kvmalloc_node_noprof (./include/linux/kasan.h:263 mm/slub.c:5657
mm/slub.c:7140)
alloc_netdev_mqs (net/core/dev.c:12012)
rtnl_create_link (net/core/rtnetlink.c:3648)
rtnl_newlink (net/core/rtnetlink.c:3830 net/core/rtnetlink.c:3957
net/core/rtnetlink.c:4072)
rtnetlink_rcv_msg (net/core/rtnetlink.c:6958)
netlink_rcv_skb (net/netlink/af_netlink.c:2550)
netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)
netlink_sendmsg (net/netlink/af_netlink.c:1894)
__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)
__x64_sys_sendto (net/socket.c:2209)
do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)
Freed by task 169:
kasan_save_stack (mm/kasan/common.c:58)
kasan_save_track (./arch/x86/include/asm/current.h:25
mm/kasan/common.c:70 mm/kasan/common.c:79)
kasan_save_free_info (mm/kasan/generic.c:587)
__kasan_slab_free (mm/kasan/common.c:287)
kfree (mm/slub.c:6674 mm/slub.c:6882)
rtnl_newlink (net/core/rtnetlink.c:3845 net/core/rtnetlink.c:3957
net/core/rtnetlink.c:4072)
rtnetlink_rcv_msg (net/core/rtnetlink.c:6958)
netlink_rcv_skb (net/netlink/af_netlink.c:2550)
netlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)
netlink_sendmsg (net/netlink/af_netlink.c:1894)
__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)
__x64_sys_sendto (net/socket.c:2209)
do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)
entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
da5c6b8ae47e414be47e5e04def15b25d5c962dc , < 91e4ff8d966978901630fc29582c1a76d3c6e46c
(git)
Affected: 5dae6b36a7cb7a4fcf4121b95e9ca7f96f816c8a , < 3d94323c80d7fc4da5f10f9bb06a45d39d5d3cc4 (git) Affected: c43d0e787cbba569ec9d11579ed370b50fab6c9c , < 721eb342d9ba19bad5c4815ea3921465158b7362 (git) Affected: 11ba9f0dc865136174cb98834280fb21bbc950c7 , < 19c7d8ac51988d053709c1e85bd8482076af845d (git) Affected: 986967a162142710076782d5b93daab93a892980 , < a1f686d273d129b45712d95f4095843b864466bd (git) Affected: cdedcd5aa3f3cb8b7ae0f87ab3a936d0bd583d66 , < d34f7a8aa9a25b7e64e0e46e444697c0f702374d (git) Affected: f8db6475a83649689c087a8f52486fcc53e627e9 , < 1e58ae87ad1e6e24368dea9aec9048c758cd0e2b (git) Affected: f8db6475a83649689c087a8f52486fcc53e627e9 , < e3f000f0dee1bfab52e2e61ca6a3835d9e187e35 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/macvlan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "91e4ff8d966978901630fc29582c1a76d3c6e46c",
"status": "affected",
"version": "da5c6b8ae47e414be47e5e04def15b25d5c962dc",
"versionType": "git"
},
{
"lessThan": "3d94323c80d7fc4da5f10f9bb06a45d39d5d3cc4",
"status": "affected",
"version": "5dae6b36a7cb7a4fcf4121b95e9ca7f96f816c8a",
"versionType": "git"
},
{
"lessThan": "721eb342d9ba19bad5c4815ea3921465158b7362",
"status": "affected",
"version": "c43d0e787cbba569ec9d11579ed370b50fab6c9c",
"versionType": "git"
},
{
"lessThan": "19c7d8ac51988d053709c1e85bd8482076af845d",
"status": "affected",
"version": "11ba9f0dc865136174cb98834280fb21bbc950c7",
"versionType": "git"
},
{
"lessThan": "a1f686d273d129b45712d95f4095843b864466bd",
"status": "affected",
"version": "986967a162142710076782d5b93daab93a892980",
"versionType": "git"
},
{
"lessThan": "d34f7a8aa9a25b7e64e0e46e444697c0f702374d",
"status": "affected",
"version": "cdedcd5aa3f3cb8b7ae0f87ab3a936d0bd583d66",
"versionType": "git"
},
{
"lessThan": "1e58ae87ad1e6e24368dea9aec9048c758cd0e2b",
"status": "affected",
"version": "f8db6475a83649689c087a8f52486fcc53e627e9",
"versionType": "git"
},
{
"lessThan": "e3f000f0dee1bfab52e2e61ca6a3835d9e187e35",
"status": "affected",
"version": "f8db6475a83649689c087a8f52486fcc53e627e9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/macvlan.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.19"
},
{
"lessThan": "6.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.252",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.128",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0-rc1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.252",
"versionStartIncluding": "5.10.250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.202",
"versionStartIncluding": "5.15.200",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.165",
"versionStartIncluding": "6.1.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.128",
"versionStartIncluding": "6.6.124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.75",
"versionStartIncluding": "6.12.70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.14",
"versionStartIncluding": "6.18.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.4",
"versionStartIncluding": "6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0-rc1",
"versionStartIncluding": "6.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: observe an RCU grace period in macvlan_common_newlink() error path\n\nvalis reported that a race condition still happens after my prior patch.\n\nmacvlan_common_newlink() might have made @dev visible before\ndetecting an error, and its caller will directly call free_netdev(dev).\n\nWe must respect an RCU period, either in macvlan or the core networking\nstack.\n\nAfter adding a temporary mdelay(1000) in macvlan_forward_source_one()\nto open the race window, valis repro was:\n\nip link add p1 type veth peer p2\nip link set address 00:00:00:00:00:20 dev p1\nip link set up dev p1\nip link set up dev p2\nip link add mv0 link p2 type macvlan mode source\n\n(ip link add invalid% link p2 type macvlan mode source macaddr add\n00:00:00:00:00:20 \u0026) ; sleep 0.5 ; ping -c1 -I p1 1.2.3.4\nPING 1.2.3.4 (1.2.3.4): 56 data bytes\nRTNETLINK answers: Invalid argument\n\nBUG: KASAN: slab-use-after-free in macvlan_forward_source\n(drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\nRead of size 8 at addr ffff888016bb89c0 by task e/175\n\nCPU: 1 UID: 1000 PID: 175 Comm: e Not tainted 6.19.0-rc8+ #33 NONE\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n\u003cIRQ\u003e\ndump_stack_lvl (lib/dump_stack.c:123)\nprint_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\n? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\nkasan_report (mm/kasan/report.c:597)\n? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\nmacvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\n? tasklet_init (kernel/softirq.c:983)\nmacvlan_handle_frame (drivers/net/macvlan.c:501)\n\nAllocated by task 169:\nkasan_save_stack (mm/kasan/common.c:58)\nkasan_save_track (./arch/x86/include/asm/current.h:25\nmm/kasan/common.c:70 mm/kasan/common.c:79)\n__kasan_kmalloc (mm/kasan/common.c:419)\n__kvmalloc_node_noprof (./include/linux/kasan.h:263 mm/slub.c:5657\nmm/slub.c:7140)\nalloc_netdev_mqs (net/core/dev.c:12012)\nrtnl_create_link (net/core/rtnetlink.c:3648)\nrtnl_newlink (net/core/rtnetlink.c:3830 net/core/rtnetlink.c:3957\nnet/core/rtnetlink.c:4072)\nrtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\nnetlink_rcv_skb (net/netlink/af_netlink.c:2550)\nnetlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\nnetlink_sendmsg (net/netlink/af_netlink.c:1894)\n__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)\n__x64_sys_sendto (net/socket.c:2209)\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)\n\nFreed by task 169:\nkasan_save_stack (mm/kasan/common.c:58)\nkasan_save_track (./arch/x86/include/asm/current.h:25\nmm/kasan/common.c:70 mm/kasan/common.c:79)\nkasan_save_free_info (mm/kasan/generic.c:587)\n__kasan_slab_free (mm/kasan/common.c:287)\nkfree (mm/slub.c:6674 mm/slub.c:6882)\nrtnl_newlink (net/core/rtnetlink.c:3845 net/core/rtnetlink.c:3957\nnet/core/rtnetlink.c:4072)\nrtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\nnetlink_rcv_skb (net/netlink/af_netlink.c:2550)\nnetlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\nnetlink_sendmsg (net/netlink/af_netlink.c:1894)\n__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)\n__x64_sys_sendto (net/socket.c:2209)\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)"
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T08:08:54.111Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/91e4ff8d966978901630fc29582c1a76d3c6e46c"
},
{
"url": "https://git.kernel.org/stable/c/3d94323c80d7fc4da5f10f9bb06a45d39d5d3cc4"
},
{
"url": "https://git.kernel.org/stable/c/721eb342d9ba19bad5c4815ea3921465158b7362"
},
{
"url": "https://git.kernel.org/stable/c/19c7d8ac51988d053709c1e85bd8482076af845d"
},
{
"url": "https://git.kernel.org/stable/c/a1f686d273d129b45712d95f4095843b864466bd"
},
{
"url": "https://git.kernel.org/stable/c/d34f7a8aa9a25b7e64e0e46e444697c0f702374d"
},
{
"url": "https://git.kernel.org/stable/c/1e58ae87ad1e6e24368dea9aec9048c758cd0e2b"
},
{
"url": "https://git.kernel.org/stable/c/e3f000f0dee1bfab52e2e61ca6a3835d9e187e35"
}
],
"title": "macvlan: observe an RCU grace period in macvlan_common_newlink() error path",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23273",
"datePublished": "2026-03-20T08:08:54.111Z",
"dateReserved": "2026-01-13T15:37:45.991Z",
"dateUpdated": "2026-03-20T08:08:54.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-23273\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-03-20T09:16:12.847\",\"lastModified\":\"2026-03-20T13:37:50.737\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmacvlan: observe an RCU grace period in macvlan_common_newlink() error path\\n\\nvalis reported that a race condition still happens after my prior patch.\\n\\nmacvlan_common_newlink() might have made @dev visible before\\ndetecting an error, and its caller will directly call free_netdev(dev).\\n\\nWe must respect an RCU period, either in macvlan or the core networking\\nstack.\\n\\nAfter adding a temporary mdelay(1000) in macvlan_forward_source_one()\\nto open the race window, valis repro was:\\n\\nip link add p1 type veth peer p2\\nip link set address 00:00:00:00:00:20 dev p1\\nip link set up dev p1\\nip link set up dev p2\\nip link add mv0 link p2 type macvlan mode source\\n\\n(ip link add invalid% link p2 type macvlan mode source macaddr add\\n00:00:00:00:00:20 \u0026) ; sleep 0.5 ; ping -c1 -I p1 1.2.3.4\\nPING 1.2.3.4 (1.2.3.4): 56 data bytes\\nRTNETLINK answers: Invalid argument\\n\\nBUG: KASAN: slab-use-after-free in macvlan_forward_source\\n(drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\nRead of size 8 at addr ffff888016bb89c0 by task e/175\\n\\nCPU: 1 UID: 1000 PID: 175 Comm: e Not tainted 6.19.0-rc8+ #33 NONE\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\\nCall Trace:\\n\u003cIRQ\u003e\\ndump_stack_lvl (lib/dump_stack.c:123)\\nprint_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\\n? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\nkasan_report (mm/kasan/report.c:597)\\n? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\nmacvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\n? tasklet_init (kernel/softirq.c:983)\\nmacvlan_handle_frame (drivers/net/macvlan.c:501)\\n\\nAllocated by task 169:\\nkasan_save_stack (mm/kasan/common.c:58)\\nkasan_save_track (./arch/x86/include/asm/current.h:25\\nmm/kasan/common.c:70 mm/kasan/common.c:79)\\n__kasan_kmalloc (mm/kasan/common.c:419)\\n__kvmalloc_node_noprof (./include/linux/kasan.h:263 mm/slub.c:5657\\nmm/slub.c:7140)\\nalloc_netdev_mqs (net/core/dev.c:12012)\\nrtnl_create_link (net/core/rtnetlink.c:3648)\\nrtnl_newlink (net/core/rtnetlink.c:3830 net/core/rtnetlink.c:3957\\nnet/core/rtnetlink.c:4072)\\nrtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\\nnetlink_rcv_skb (net/netlink/af_netlink.c:2550)\\nnetlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\\nnetlink_sendmsg (net/netlink/af_netlink.c:1894)\\n__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)\\n__x64_sys_sendto (net/socket.c:2209)\\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)\\n\\nFreed by task 169:\\nkasan_save_stack (mm/kasan/common.c:58)\\nkasan_save_track (./arch/x86/include/asm/current.h:25\\nmm/kasan/common.c:70 mm/kasan/common.c:79)\\nkasan_save_free_info (mm/kasan/generic.c:587)\\n__kasan_slab_free (mm/kasan/common.c:287)\\nkfree (mm/slub.c:6674 mm/slub.c:6882)\\nrtnl_newlink (net/core/rtnetlink.c:3845 net/core/rtnetlink.c:3957\\nnet/core/rtnetlink.c:4072)\\nrtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\\nnetlink_rcv_skb (net/netlink/af_netlink.c:2550)\\nnetlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\\nnetlink_sendmsg (net/netlink/af_netlink.c:1894)\\n__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)\\n__x64_sys_sendto (net/socket.c:2209)\\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\\n\\nmacvlan: observar un per\u00edodo de gracia RCU en la ruta de error de macvlan_common_newlink()\\n\\nvalis inform\u00f3 que una condici\u00f3n de carrera todav\u00eda ocurre despu\u00e9s de mi parche anterior.\\n\\nmacvlan_common_newlink() podr\u00eda haber hecho visible a @dev antes de detectar un error, y su llamador llamar\u00e1 directamente a free_netdev(dev).\\n\\nDebemos respetar un per\u00edodo RCU, ya sea en macvlan o en la pila de red central.\\n\\nDespu\u00e9s de a\u00f1adir un mdelay(1000) temporal en macvlan_forward_source_one() para abrir la ventana de carrera, la reproducci\u00f3n de valis fue:\\n\\nip link add p1 type veth peer p2\\nip link set address 00:00:00:00:00:20 dev p1\\nip link set up dev p1\\nip link set up dev p2\\nip link add mv0 link p2 type macvlan mode source\\n\\n(ip link add invalid% link p2 type macvlan mode source macaddr add 00:00:00:00:00:20 \u0026amp;) ; sleep 0.5 ; ping -c1 -I p1 1.2.3.4\\nPING 1.2.3.4 (1.2.3.4): 56 data bytes\\nRTNETLINK answers: Invalid argument\\n\\nBUG: KASAN: slab-uso despu\u00e9s de liberaci\u00f3n en macvlan_forward_source\\n(drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\nRead of size 8 at addr ffff888016bb89c0 by task e/175\\n\\nCPU: 1 UID: 1000 PID: 175 Comm: e Not tainted 6.19.0-rc8+ #33 NONE\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\\nCall Trace:\\n\\ndump_stack_lvl (lib/dump_stack.c:123)\\nprint_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\\n? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\nkasan_report (mm/kasan/report.c:597)\\n? macvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\nmacvlan_forward_source (drivers/net/macvlan.c:408 drivers/net/macvlan.c:444)\\n? tasklet_init (kernel/softirq.c:983)\\nmacvlan_handle_frame (drivers/net/macvlan.c:501)\\n\\nAllocated by task 169:\\nkasan_save_stack (mm/kasan/common.c:58)\\nkasan_save_track (./arch/x86/include/asm/current.h:25\\nmm/kasan/common.c:70 mm/kasan/common.c:79)\\n__kasan_kmalloc (mm/kasan/common.c:419)\\n__kvmalloc_node_noprof (./include/linux/kasan.h:263 mm/slub.c:5657\\nmm/slub.c:7140)\\nalloc_netdev_mqs (net/core/dev.c:12012)\\nrtnl_create_link (net/core/rtnetlink.c:3648)\\nrtnl_newlink (net/core/rtnetlink.c:3830 net/core/rtnetlink.c:3957\\nnet/core/rtnetlink.c:4072)\\nrtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\\nnetlink_rcv_skb (net/netlink/af_netlink.c:2550)\\nnetlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\\nnetlink_sendmsg (net/netlink/af_netlink.c:1894)\\n__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)\\n__x64_sys_sendto (net/socket.c:2209)\\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)\\n\\nFreed by task 169:\\nkasan_save_stack (mm/kasan/common.c:58)\\nkasan_save_track (./arch/x86/include/asm/current.h:25\\nmm/kasan/common.c:70 mm/kasan/common.c:79)\\nkasan_save_free_info (mm/kasan/generic.c:587)\\n__kasan_slab_free (mm/kasan/common.c:287)\\nkfree (mm/slub.c:6674 mm/slub.c:6882)\\nrtnl_newlink (net/core/rtnetlink.c:3845 net/core/rtnetlink.c:3957\\nnet/core/rtnetlink.c:4072)\\nrtnetlink_rcv_msg (net/core/rtnetlink.c:6958)\\nnetlink_rcv_skb (net/netlink/af_netlink.c:2550)\\nnetlink_unicast (net/netlink/af_netlink.c:1319 net/netlink/af_netlink.c:1344)\\nnetlink_sendmsg (net/netlink/af_netlink.c:1894)\\n__sys_sendto (net/socket.c:727 net/socket.c:742 net/socket.c:2206)\\n__x64_sys_sendto (net/socket.c:2209)\\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131)\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/19c7d8ac51988d053709c1e85bd8482076af845d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1e58ae87ad1e6e24368dea9aec9048c758cd0e2b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3d94323c80d7fc4da5f10f9bb06a45d39d5d3cc4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/721eb342d9ba19bad5c4815ea3921465158b7362\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/91e4ff8d966978901630fc29582c1a76d3c6e46c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a1f686d273d129b45712d95f4095843b864466bd\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d34f7a8aa9a25b7e64e0e46e444697c0f702374d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e3f000f0dee1bfab52e2e61ca6a3835d9e187e35\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…