CVE-2024-26882

net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()

References

https://cve.org/CVERecord/?id=CVE-2024-26882

Notes

 carnil> Introduced in c54419321455 ("GRE: Refactor GRE tunneling code."). Vulnerable
 carnil> versions: 3.10-rc1.

Bugs

Status

Branch	Status
4.19-buster-security	needed
4.19-upstream-stable	needed
5.10-bullseye-security	released (5.10.216-1)
5.10-upstream-stable	released (5.10.214) [77fd5294ea09b21f6772ac954a121b87323cec80]
6.1-bookworm-security	released (6.1.85-1)
6.1-upstream-stable	released (6.1.83) [60044ab84836359534bd7153b92e9c1584140e4a]
6.6-upstream-stable	released (6.6.23) [c4c857723b37c20651300b3de4ff25059848b4b0]
6.8-upstream-stable	released (6.8.2) [ca914f1cdee8a85799942c9b0ce5015bbd6844e1]
sid	released (6.7.12-1)
upstream	released (6.9-rc1) [b0ec2abf98267f14d032102551581c833b0659d3]