This bug is awaiting verification that the linux-oem-6.17/6.17.0-1004.4 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-oem-6.17' to 'verification-done-noble-linux-oem-6.17'. If the problem still exists, change the tag 'verification-needed-noble-linux-oem-6.17' to 'verification-failed-noble-linux-oem-6.17'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

** Tags added: kernel-spammed-noble-linux-oem-6.17-v2 verification-needed-noble-linux-oem-6.17

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2125053

Title:
UBUNTU: fan: fail to check kmalloc() return could cause a NULL pointer dereference

Status in linux package in Ubuntu: Fix Released
Status in linux source package in Jammy: In Progress
Status in linux source package in Noble: In Progress
Status in linux source package in Plucky: In Progress
Status in linux source package in Questing: Fix Released

Bug description:

[Impact]
In the UBUNTU SAUCE VXLAN implementation for fan, in 'vxlan_fan_add_map()' a memory chunk is allocated to hold a fan_map structure. However, the return of 'kmalloc()' is not checked, therefore it can lead to a NULL pointer dereference on allocation failure.

---
static int vxlan_fan_add_map(struct vxlan_dev *vxlan, struct ifla_fan_map *map)
{
[...]
	fan_map = kmalloc(sizeof(*fan_map), GFP_KERNEL);
	fan_map->underlay = map->underlay;
---

The issue was introduced by commit "UBUNTU: SAUCE: fan: add VXLAN implementation".

[Fix]
The fix is a simple check whether the memory allocation failed and return an error if so. The function doesn't perform any other operation prior to calling 'kmalloc()' that needs to be rolled back on error, therefore it can simply return -ENOMEM.

--- fan_map = kmalloc(sizeof(*fan_map), GFP_KERNEL); + if (!fan_map) + return -ENOMEM; ---

[Test plan]
I have not tested the fix functionally, as the issue is hard to reproduce. This code path is exercised by the 'ubuntu_fan_smoke_test' regression tests.

[Where problems could occur]
The fix is straightforward, however if issues are to occur they will happen while creating a new fan interface.
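
Review bot: the added 'if (!fan_map) return -ENOMEM;' after the kmalloc() in vxlan_fan_add_map() only prevents the crash if the caller checks the return value, and the call site is not visible in the quoted lines; please confirm that the caller propagates the error instead of treating the map as added. Since the test plan states the fix was not tested functionally, the allocation-failure path could be exercised with the kernel's slab fault injection (failslab) while running 'ubuntu_fan_smoke_test', so that the new branch is actually hit at least once before verification is marked done.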

