GHSA-mp79-8qq6-qp9gMediumCVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix...

Published
June 25, 2026
Last Modified
July 2, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: fix possible kfree_skb of ERR_PTR

After the patch in the "Fixes" tag, the allocation of the "reply" skb can happen either before or after locking the ovs_mutex.

However, error cleanups still follow the classical reversed order, assuming "reply" is allocated before locking: it is freed after unlocking.

If "reply" allocation happens after locking the mutex and it fails, "reply" is left with an ERR_PTR, and execution jumps to the correspondent cleanup stage which will try to free an invalid pointer.

Fix this by setting the pointer to NULL after having saved its error value.

🔗 References (10)