References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

openvswitch: defer tunnel netdev_put to RCU release

ovs_netdev_tunnel_destroy() may run after NETDEV_UNREGISTER already
detached the device. Dropping the netdev reference in destroy can race
with concurrent readers that still observe vport->dev.

Do not release vport->dev in ovs_netdev_tunnel_destroy(). Instead, let
vport_netdev_free() drop the reference from the RCU callback, matching
the non-tunnel destroy path and avoiding additional synchronization
under RTNL.

https://git.kernel.org/stable/c/42f0d3d81209654c08ffdde5a34b9b92d2645896

https://git.kernel.org/stable/c/6931d21f87bc6d657f145798fad0bf077b82486c

https://git.kernel.org/stable/c/98b726ab5e2a4811e27c28e4d041f75bba147eab

https://git.kernel.org/stable/c/9d56aced21fb9c104e8a3f3be9b21fbafe448ffc

https://git.kernel.org/stable/c/b8c56a3fc5d879c0928f207a756b0f067f06c6a8

https://git.kernel.org/stable/c/bbe7bd722bfaea36aab3da6cc60fb4a05c644643