Google Git
Sign in
cos / third_party / kernel / e8d349e6cf8bda2520831804d0d147a30f1f5b75
commite8d349e6cf8bda2520831804d0d147a30f1f5b75[log] [tgz]
authorFlorian Westphal <fw@strlen.de>Thu Sep 05 12:54:46 2024 +0200
committerShuo Yang <gshuoy@google.com>Mon Oct 07 21:10:05 2024 +0000
tree37a8f7b8ae62094aac8ec7bef5aad98e4ce8987b
parent7634f112347e762e22f213fbd5287b821eae0446 [diff]
netfilter: nft_socket: fix sk refcount leaks

[ Upstream commit 8b26ff7af8c32cb4148b3e147c52f9e4c695209c ]

We must put 'sk' reference before returning.

BUG=b/371156341
TEST=presubmit
RELEASE_NOTE=Fixed CVE-2024-46855 in the Linux kernel.

cos-patch: security-moderate
Fixes: 039b1f4f24ec ("netfilter: nft_socket: fix erroneous socket assignment")
Change-Id: I748a9749bf46b5f42c0dcf9ff73add7ae48761d8
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kernel CVE Triage Automation <cloud-image-kernel-cve-triage-automation@prod.google.com>
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/82919
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Reviewed-by: Shuo Yang <gshuoy@google.com>
Reviewed-by: Anil Altinay <aaltinay@google.com>
1 file changed
tree: 37a8f7b8ae62094aac8ec7bef5aad98e4ce8987b
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. google/
  9. include/
  10. init/
  11. io_uring/
  12. ipc/
  13. kernel/
  14. lib/
  15. LICENSES/
  16. mm/
  17. net/
  18. rust/
  19. samples/
  20. scripts/
  21. security/
  22. sound/
  23. tools/
  24. usr/
  25. virt/
  26. .clang-format
  27. .cocciconfig
  28. .get_maintainer.ignore
  29. .gitattributes
  30. .gitignore
  31. .mailmap
  32. .rustfmt.toml
  33. COPYING
  34. CREDITS
  35. Kbuild
  36. Kconfig
  37. MAINTAINERS
  38. Makefile
  39. PRESUBMIT.cfg
  40. README