CVE-2024-26804

net: ip_tunnel: prevent perpetual headroom growth

References

Notes

 carnil> Introduced in 243aad830e8a ("ip_gre: include route header_len in max_headroom
 carnil> calculation"). Vulnerable versions: 2.6.33.2 2.6.34-rc3.

Bugs

Status

Branch Status
4.19-buster-security needed
4.19-upstream-stable needed
5.10-bullseye-security released (5.10.216-1)
5.10-upstream-stable released (5.10.212) [2e95350fe9db9d53c701075060ac8ac883b68aee]
6.1-bookworm-security released (6.1.82-1)
6.1-upstream-stable released (6.1.81) [ab63de24ebea36fe73ac7121738595d704b66d96]
6.6-upstream-stable released (6.6.21) [a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9]
6.8-upstream-stable N/A "Fixed before branching point"
sid released (6.7.9-1)
upstream released (6.8-rc7) [5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f]