2025-05-01 14:10:49
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved:
net/smc: Fix possible leaked pernet namespace in smc_init()
In smc_init(), register_pernet_subsys(&smc_net_stat_ops) is called
without any error handling.
If it fails, registering of &smc_net_ops wont be reverted.
And if smc_nl_init() fails, &smc_net_stat_ops itself wont be reverted.
This leaves wild ops in subsystem linkedlist and when another module
tries to call register_pernet_operations() it triggers page fault:
BUG: unable to handle page fault for address: fffffbfff81b964c
RIP: 0010:register_pernet_operations+0x1b9/0x5f0
Call Trace: