net: dst: Backport fix CVE-2025-40075

[PATCH 6.12.y 0/2] net: dst: Backport fix CVE-2025-40075

Gyokhan Kochmarla posted 2 patches 1 month, 3 weeks ago

Download series mbox

include/net/dst.h      | 16 +++++++++++-----
net/core/dst.c         |  2 +-
net/ipv4/route.c       |  4 ++--
net/ipv4/tcp_metrics.c |  6 +++---
4 files changed, 17 insertions(+), 11 deletions(-)

Expand all Fold all

[PATCH 6.12.y 0/2] net: dst: Backport fix CVE-2025-40075

Posted by Gyokhan Kochmarla 1 month, 3 weeks ago

From: Gyokhan Kochmarla <gyokhan@amazon.com>

This patch series backports two commits from mainline to fix CVE-2025-40075,
a data race vulnerability in dst->dev access.

The first patch introduces dst->dev_rcu and dst_dev_net_rcu() helper to
provide proper RCU protection with lockdep support. The second patch uses
the new helper in tcp_metrics to eliminate unsafe dst_dev() calls.

These are clean cherry-picks from mainline commits:
- caedcc5b6df1 ("net: dst: introduce dst->dev_rcu")
- 50c127a69cd6 ("tcp_metrics: use dst_dev_net_rcu()")

Eric Dumazet (2):
  net: dst: introduce dst->dev_rcu
  tcp_metrics: use dst_dev_net_rcu()

 include/net/dst.h      | 16 +++++++++++-----
 net/core/dst.c         |  2 +-
 net/ipv4/route.c       |  4 ++--
 net/ipv4/tcp_metrics.c |  6 +++---
 4 files changed, 17 insertions(+), 11 deletions(-)

-- 
2.47.3




Amazon Web Services Development Center Germany GmbH
Tamara-Danz-Str. 13
10243 Berlin
Geschaeftsfuehrung: Christof Hellmis, Andreas Stieger
Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B
Sitz: Berlin
Ust-ID: DE 365 538 597