CVE-2023-53190

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> vxlan: Fix memory leaks in error path<br /> <br /> The memory allocated by vxlan_vnigroup_init() is not freed in the error<br /> path, leading to memory leaks [1]. Fix by calling<br /> vxlan_vnigroup_uninit() in the error path.<br /> <br /> The leaks can be reproduced by annotating gro_cells_init() with<br /> ALLOW_ERROR_INJECTION() and then running:<br /> <br /> # echo "100" &gt; /sys/kernel/debug/fail_function/probability<br /> # echo "1" &gt; /sys/kernel/debug/fail_function/times<br /> # echo "gro_cells_init" &gt; /sys/kernel/debug/fail_function/inject<br /> # printf %#x -12 &gt; /sys/kernel/debug/fail_function/gro_cells_init/retval<br /> # ip link add name vxlan0 type vxlan dstport 4789 external vnifilter<br /> RTNETLINK answers: Cannot allocate memory<br /> <br /> [1]<br /> unreferenced object 0xffff88810db84a00 (size 512):<br /> comm "ip", pid 330, jiffies 4295010045 (age 66.016s)<br /> hex dump (first 32 bytes):<br /> f8 d5 76 0e 81 88 ff ff 01 00 00 00 00 00 00 02 ..v.............<br /> 03 00 04 00 48 00 00 00 00 00 00 01 04 00 01 00 ....H...........<br /> backtrace:<br /> [] kmalloc_trace+0x2a/0x60<br /> [] vxlan_vnigroup_init+0x4c/0x160<br /> [] vxlan_init+0x1ae/0x280<br /> [] register_netdevice+0x57a/0x16d0<br /> [] __vxlan_dev_create+0x7c7/0xa50<br /> [] vxlan_newlink+0xd6/0x130<br /> [] __rtnl_newlink+0x112b/0x18a0<br /> [] rtnl_newlink+0x6c/0xa0<br /> [] rtnetlink_rcv_msg+0x43f/0xd40<br /> [] netlink_rcv_skb+0x170/0x440<br /> [] netlink_unicast+0x53f/0x810<br /> [] netlink_sendmsg+0x958/0xe70<br /> [] ____sys_sendmsg+0x78f/0xa90<br /> [] ___sys_sendmsg+0x13a/0x1e0<br /> [] __sys_sendmsg+0x11c/0x1f0<br /> [] do_syscall_64+0x38/0x80<br /> unreferenced object 0xffff88810e76d5f8 (size 192):<br /> comm "ip", pid 330, jiffies 4295010045 (age 66.016s)<br /> hex dump (first 32 bytes):<br /> 04 00 00 00 00 00 00 00 db e1 4f e7 00 00 00 00 ..........O.....<br /> 08 d6 76 0e 81 88 ff ff 08 d6 76 0e 81 88 ff ff ..v.......v.....<br /> backtrace:<br /> [] __kmalloc_node+0x4e/0x90<br /> [] kvmalloc_node+0xa6/0x1f0<br /> [] bucket_table_alloc.isra.0+0x83/0x460<br /> [] rhashtable_init+0x43b/0x7c0<br /> [] vxlan_vnigroup_init+0x6c/0x160<br /> [] vxlan_init+0x1ae/0x280<br /> [] register_netdevice+0x57a/0x16d0<br /> [] __vxlan_dev_create+0x7c7/0xa50<br /> [] vxlan_newlink+0xd6/0x130<br /> [] __rtnl_newlink+0x112b/0x18a0<br /> [] rtnl_newlink+0x6c/0xa0<br /> [] rtnetlink_rcv_msg+0x43f/0xd40<br /> [] netlink_rcv_skb+0x170/0x440<br /> [] netlink_unicast+0x53f/0x810<br /> [] netlink_sendmsg+0x958/0xe70<br /> [] ____sys_sendmsg+0x78f/0xa90