CVE-2025-21972

Updated:

Description:

In the Linux kernel, the following vulnerability has been resolved:

net: mctp: unshare packets when reassembling

Ensure that the frag_list used for reassembly isn't shared with other packets. This avoids incorrect reassembly when packets are cloned, and prevents a memory leak due to circular references between fragments and their skb_shared_info.

The upcoming MCTP-over-USB driver uses skb_clone which can trigger the problem - other MCTP drivers don't share SKBs.

A kunit test is added to reproduce the issue.

CVSS3: 5.5


Vendor State

OS | Vendor version | Errata
Ubuntu 24.04 | 6.8.0-84.84 | USN-7764-1
Ubuntu 24.04 AWS | 6.8.0-1039.41 | USN-7764-1

KernelCare State

OS | Original kernel version | State
Ubuntu 24.04 | | Planned
Ubuntu 24.04 AWS | | Planned