CVE-2024-26793

gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

References

https://cve.org/CVERecord/?id=CVE-2024-26793

Notes

 carnil> Introduced in 459aa660eb1d ("gtp: add initial driver for datapath of GPRS
 carnil> Tunneling Protocol (GTP-U)"). Vulnerable versions: 4.7-rc1.

Bugs

Status

Branch	Status
4.19-buster-security	needed
4.19-upstream-stable	released (4.19.309) [01129059d5141d62fae692f7a336ae3bc712d3eb]
5.10-bullseye-security	released (5.10.216-1)
5.10-upstream-stable	released (5.10.212) [e668b92a3a01429923fd5ca13e99642aab47de69]
6.1-bookworm-security	released (6.1.82-1)
6.1-upstream-stable	released (6.1.81) [abd32d7f5c0294c1b2454c5a3b13b18446bac627]
6.6-upstream-stable	released (6.6.21) [93dd420bc41531c9a31498b9538ca83ba6ec191e]
6.8-upstream-stable	N/A "Fixed before branching point"
sid	released (6.7.9-1)
upstream	released (6.8-rc7) [616d82c3cfa2a2146dd7e3ae47bda7e877ee549e]