CVE-2024-26852

net/ipv6: avoid possible UAF in ip6_route_mpath_notify()

References

Notes

 carnil> Introduced in 3b1137fe7482 ("net: ipv6: Change notifications for multipath add
 carnil> to RTA_MULTIPATH"). Vulnerable versions: 4.11-rc1.

Bugs

Status

Branch Status
4.19-buster-security needed
4.19-upstream-stable released (4.19.310) [31ea5bcc7d4cd1423de6be327a2c034725704136]
5.10-bullseye-security released (5.10.216-1)
5.10-upstream-stable released (5.10.213) [79ce2e54cc0ae366f45516c00bf1b19aa43e9abe]
6.1-bookworm-security released (6.1.82-1)
6.1-upstream-stable released (6.1.82) [394334fe2ae3b9f1e2332b873857e84cb28aac18]
6.6-upstream-stable released (6.6.22) [ed883060c38721ed828061f6c0c30e5147326c9a]
6.8-upstream-stable released (6.8) [685f7d531264599b3f167f1e94bbd22f120e5fab]
sid released (6.7.12-1)
upstream released (6.8) [685f7d531264599b3f167f1e94bbd22f120e5fab]