CVE-2024-53211
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/12/2024
Last modified:
08/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

net/l2tp: fix warning in l2tp_exit_net found by syzbot

In l2tp's net exit handler, we check that an IDR is empty before
destroying it:

    WARN_ON_ONCE(!idr_is_empty(&pn->l2tp_tunnel_idr));
    idr_destroy(&pn->l2tp_tunnel_idr);

By forcing memory allocation failures in idr_alloc_32, syzbot is able
to provoke a condition where idr_is_empty returns false despite there
being no items in the IDR. This turns out to be because the radix tree
of the IDR contains only internal radix-tree nodes and it is this that
causes idr_is_empty to return false. The internal nodes are cleaned by
idr_destroy.

Use idr_for_each to check that the IDR is empty instead of
idr_is_empty to avoid the problem.
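
The failure mode described above, reproduced in a small user-space model. This is an added example, not code from the kernel or from the patch: the two-level tree, the `toy_*` names and the `fail_next_leaf` fault switch are assumptions standing in for the IDR's radix tree and for syzbot's forced allocation failures, and the counting walk stands in for a check built on idr_for_each.

```c
/* Constructed user-space model of the failure mode; NOT the kernel's IDR code. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define FANOUT 4
struct leaf  { void *item[FANOUT]; };
struct inner { struct leaf *leaf[FANOUT]; };
struct toy_idr { struct inner *root; bool fail_next_leaf; /* injected fault */ };

/* Store ptr at id. If the leaf allocation fails, the root node stays linked. */
static int toy_alloc(struct toy_idr *t, unsigned id, void *ptr)
{
    if (!t->root && !(t->root = calloc(1, sizeof(*t->root)))) return -1;
    struct leaf **lp = &t->root->leaf[id / FANOUT % FANOUT];
    if (!*lp && !(*lp = t->fail_next_leaf ? NULL : calloc(1, sizeof(**lp)))) return -1;
    (*lp)->item[id % FANOUT] = ptr;
    return 0;
}
/* Structural check: an empty internal node already makes this return false. */
static bool toy_is_empty(const struct toy_idr *t) { return t->root == NULL; }
/* Content check: walk the tree and count the items actually stored. */
static int toy_count_items(const struct toy_idr *t)
{
    int n = 0;
    for (unsigned i = 0; t->root && i < FANOUT; i++)
        for (unsigned j = 0; t->root->leaf[i] && j < FANOUT; j++)
            n += t->root->leaf[i]->item[j] != NULL;
    return n;
}
/* Free every node, internal ones included. */
static void toy_destroy(struct toy_idr *t)
{
    for (unsigned i = 0; t->root && i < FANOUT; i++) free(t->root->leaf[i]);
    free(t->root);
    t->root = NULL;
}

/* Returns 1 if, after a failed insert, the two emptiness checks disagree. */
static int demo_checks_disagree(void)
{
    static int obj;
    struct toy_idr t = { NULL, true };
    int rc = toy_alloc(&t, 5, &obj);   /* root is linked, leaf allocation fails */
    int disagree = rc != 0 && !toy_is_empty(&t) && toy_count_items(&t) == 0;
    toy_destroy(&t);                   /* teardown removes the leftover node */
    return disagree && toy_is_empty(&t);
}
int main(void) { printf("checks disagree: %d\n", demo_checks_disagree()); return 0; }
```

In the model, a teardown assertion built on `toy_is_empty` would fire even though nothing is stored, while one built on the item walk would not.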
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.12 (including) | 6.12.2 (excluding) |



