)]}'
{
  "commit": "9ebf9d3fc65ec5788445c0f50fb8b029e762fb76",
  "tree": "9f0049b788bbb7a76034d1e4189649c5aa952768",
  "parents": [
    "2271f3f4f2083ca2873ea2584a6bcc121fe4786c"
  ],
  "author": {
    "name": "Eric Dumazet",
    "email": "edumazet@google.com",
    "time": "Fri Feb 07 13:58:35 2025 +0000"
  },
  "committer": {
    "name": "Shuo Yang",
    "email": "gshuoy@google.com",
    "time": "Sun Mar 30 02:06:31 2025 -0700"
  },
  "message": "neighbour: use RCU protection in __neigh_notify()\n\n[ Upstream commit becbd5850c03ed33b232083dd66c6e38c0c0e569 ]\n\n__neigh_notify() can be called without RTNL or RCU protection.\n\nUse RCU protection to avoid potential UAF.\n\nBUG\u003db/405560945\nTEST\u003dpresubmit\nRELEASE_NOTE\u003dFixed CVE-2025-21763 in the Linux kernel.\n\ncos-patch: security-high\nFixes: 426b5303eb43 (\"[NETNS]: Modify the neighbour table code so it handles multiple network namespaces\")\nChange-Id: I8fee291e3781d5b619f01d2d8def4b4636872907\nSigned-off-by: Eric Dumazet \u003cedumazet@google.com\u003e\nReviewed-by: David Ahern \u003cdsahern@kernel.org\u003e\nReviewed-by: Kuniyuki Iwashima \u003ckuniyu@amazon.com\u003e\nLink: https://patch.msgid.link/20250207135841.1948589-4-edumazet@google.com\nSigned-off-by: Jakub Kicinski \u003ckuba@kernel.org\u003e\nSigned-off-by: Sasha Levin \u003csashal@kernel.org\u003e\nReviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/97640\nReviewed-by: Kevin Berry \u003ckpberry@google.com\u003e\nTested-by: Cusky Presubmit Bot \u003cpresubmit@cos-infra-prod.iam.gserviceaccount.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "b127533e74f37d1100320396e1c3cacbaf290890",
      "old_mode": 33188,
      "old_path": "net/core/neighbour.c",
      "new_id": "2e2c009b5a2db5941e4f257bc6813363f2d2932c",
      "new_mode": 33188,
      "new_path": "net/core/neighbour.c"
    }
  ]
}