CVE-2024-56661

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tipc: fix NULL deref in cleanup_bearer()<br /> <br /> syzbot found [1] that after blamed commit, ub-&gt;ubsock-&gt;sk<br /> was NULL when attempting the atomic_dec() :<br /> <br /> atomic_dec(&amp;tipc_net(sock_net(ub-&gt;ubsock-&gt;sk))-&gt;wq_count);<br /> <br /> Fix this by caching the tipc_net pointer.<br /> <br /> [1]<br /> <br /> Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI<br /> KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]<br /> CPU: 0 UID: 0 PID: 5896 Comm: kworker/0:3 Not tainted 6.13.0-rc1-next-20241203-syzkaller #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024<br /> Workqueue: events cleanup_bearer<br /> RIP: 0010:read_pnet include/net/net_namespace.h:387 [inline]<br /> RIP: 0010:sock_net include/net/sock.h:655 [inline]<br /> RIP: 0010:cleanup_bearer+0x1f7/0x280 net/tipc/udp_media.c:820<br /> Code: 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3c f7 99 f6 48 8b 1b 48 83 c3 30 e8 f0 e4 60 00 48 89 d8 48 c1 e8 03 80 3c 28 00 74 08 48 89 df e8 1a f7 99 f6 49 83 c7 e8 48 8b 1b<br /> RSP: 0018:ffffc9000410fb70 EFLAGS: 00010206<br /> RAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff88802fe45a00<br /> RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000410f900<br /> RBP: ffff88807e1f0908 R08: ffffc9000410f907 R09: 1ffff92000821f20<br /> R10: dffffc0000000000 R11: fffff52000821f21 R12: ffff888031d19980<br /> R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88807e1f0918<br /> FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 0000556ca050b000 CR3: 0000000031c0c000 CR4: 00000000003526f0<br /> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400