CVE-2022-50655

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ppp: associate skb with a device at tx<br /> <br /> Syzkaller triggered flow dissector warning with the following:<br /> <br /> r0 = openat$ppp(0xffffffffffffff9c, &amp;(0x7f0000000000), 0xc0802, 0x0)<br /> ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &amp;(0x7f00000000c0))<br /> ioctl$PPPIOCSACTIVE(r0, 0x40107446, &amp;(0x7f0000000240)={0x2, &amp;(0x7f0000000180)=[{0x20, 0x0, 0x0, 0xfffff034}, {0x6}]})<br /> pwritev(r0, &amp;(0x7f0000000040)=[{&amp;(0x7f0000000140)=&amp;#39;\x00!&amp;#39;, 0x2}], 0x1, 0x0, 0x0)<br /> <br /> [ 9.485814] WARNING: CPU: 3 PID: 329 at net/core/flow_dissector.c:1016 __skb_flow_dissect+0x1ee0/0x1fa0<br /> [ 9.485929] skb_get_poff+0x53/0xa0<br /> [ 9.485937] bpf_skb_get_pay_offset+0xe/0x20<br /> [ 9.485944] ? ppp_send_frame+0xc2/0x5b0<br /> [ 9.485949] ? _raw_spin_unlock_irqrestore+0x40/0x60<br /> [ 9.485958] ? __ppp_xmit_process+0x7a/0xe0<br /> [ 9.485968] ? ppp_xmit_process+0x5b/0xb0<br /> [ 9.485974] ? ppp_write+0x12a/0x190<br /> [ 9.485981] ? do_iter_write+0x18e/0x2d0<br /> [ 9.485987] ? __import_iovec+0x30/0x130<br /> [ 9.485997] ? do_pwritev+0x1b6/0x240<br /> [ 9.486016] ? trace_hardirqs_on+0x47/0x50<br /> [ 9.486023] ? __x64_sys_pwritev+0x24/0x30<br /> [ 9.486026] ? do_syscall_64+0x3d/0x80<br /> [ 9.486031] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> <br /> Flow dissector tries to find skb net namespace either via device<br /> or via socket. Neigher is set in ppp_send_frame, so let&amp;#39;s manually<br /> use ppp-&gt;dev.