CVE-2024-26754

gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()

References

Notes

 carnil> Introduced in 459aa660eb1d ("gtp: add initial driver for datapath of GPRS
 carnil> Tunneling Protocol (GTP-U)"). Vulnerable versions: 4.7-rc1.

Bugs

Status

Branch Status
4.19-buster-security needed
4.19-upstream-stable released (4.19.308) [f0ecdfa679189d26aedfe24212d4e69e42c2c861]
5.10-bullseye-security released (5.10.216-1)
5.10-upstream-stable released (5.10.211) [2e534fd15e5c2ca15821c897352cf0e8a3e30dca]
6.1-bookworm-security released (6.1.82-1)
6.1-upstream-stable released (6.1.80) [3963f16cc7643b461271989b712329520374ad2a]
6.6-upstream-stable released (6.6.19) [ba6b8b02a3314e62571a540efa96560888c5f03e]
6.8-upstream-stable N/A "Fixed before branching point"
sid released (6.7.7-1)
upstream released (6.8-rc6) [136cfaca22567a03bbb3bf53a43d8cb5748b80ec]