git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Yiqi Sun <sunyiqixm@gmail.com>
	Thu, 2 Apr 2026 07:04:19 +0000 (15:04 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 22 Apr 2026 11:30:37 +0000 (13:30 +0200)
commit	5b9911582d441f72fe6ccb15ffe3303bbc07f6f5
tree	98d500721e522dfa1ac3d40c2f763e362e21db68	tree \| snapshot
parent	635038fe19db391117e66b46bdc2b6e447ac801d	commit \| diff

ipv4: icmp: fix null-ptr-deref in icmp_build_probe()

[ Upstream commit fde29fd9349327acc50d19a0b5f3d5a6c964dfd8 ]

ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the
IPv6 stack is not active (CONFIG_IPV6=m and not loaded), and passing
this error pointer to dev_hold() will cause a kernel crash with
null-ptr-deref.

Instead, silently discard the request. RFC 8335 does not appear to
define a specific response for the case where an IPv6 interface
identifier is syntactically valid but the implementation cannot perform
the lookup at runtime, and silently dropping the request may safer than
misreporting "No Such Interface".

Fixes: d329ea5bd884 ("icmp: add response to RFC 8335 PROBE messages")
Signed-off-by: Yiqi Sun <sunyiqixm@gmail.com>
Link: https://patch.msgid.link/20260402070419.2291578-1-sunyiqixm@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>