averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-04-14 09:57:39 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
e1e04cc2ef2c0c0866c19f5627149a76c2baae32
linux-stable-mirror/net
History
Zhengchao Shao e1e04cc2ef ip_vti: fix potential slab-use-after-free in decode_session6 
[ Upstream commit 6018a26627 ]

When ip_vti device is set to the qdisc of the sfb type, the cb field
of the sent skb may be modified during enqueuing. Then,
slab-use-after-free may occur when ip_vti device sends IPv6 packets.
As commit f855691975 ("xfrm6: Fix the nexthdr offset in
_decode_session6.") showed, xfrm_decode_session was originally intended
only for the receive path. IP6CB(skb)->nhoff is not set during
transmission. Therefore, set the cb field in the skb to 0 before
sending packets.

Fixes: f855691975 ("xfrm6: Fix the nexthdr offset in _decode_session6.")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-08-26 14:23:32 +02:00
..
6lowpan
9p
9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
2023-04-20 12:13:53 +02:00
802
8021q
vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
2023-05-24 17:36:52 +01:00
appletalk
atm
atm: hide unused procfs functions
2023-06-09 10:32:26 +02:00
ax25
batman-adv
batman-adv: Broken sync while rescheduling delayed work
2023-06-14 11:13:04 +02:00
bluetooth
Bluetooth: L2CAP: Fix use-after-free
2023-08-26 14:23:25 +02:00
bpf
bpfilter
bridge
bridge: Add extack warning when enabling STP in netns.
2023-07-27 08:46:59 +02:00
caif
net: caif: Fix use-after-free in cfusbl_device_notify()
2023-03-17 08:48:54 +01:00
can
can: bcm: Fix UAF in bcm_proc_show()
2023-07-27 08:46:55 +02:00
ceph
libceph: fix potential hang in ceph_osdc_notify()
2023-08-11 15:13:55 +02:00
core
bpf, sockmap: Fix bug that strp_done cannot be called
2023-08-16 18:22:00 +02:00
dcb
net: dcb: choose correct policy to parse DCB_ATTR_BCN
2023-08-11 15:13:53 +02:00
dccp
dccp: fix data-race around dp->dccps_mss_cache
2023-08-16 18:22:01 +02:00
dns_resolver
dsa
net: dsa: tag_sja1105: fix MAC DA patching from meta frames
2023-07-23 13:47:30 +02:00
ethernet
ethtool
ethtool: Fix uninitialized number of lanes
2023-05-17 11:50:18 +02:00
hsr
hsr: ratelimit only when errors are printed
2023-04-05 11:25:02 +02:00
ieee802154
ife
ipv4
ip_vti: fix potential slab-use-after-free in decode_session6
2023-08-26 14:23:32 +02:00
ipv6
ip6_vti: fix slab-use-after-free in decode_session6
2023-08-26 14:23:32 +02:00
iucv
net/iucv: Fix size of interrupt data
2023-03-22 13:31:28 +01:00
kcm
key
net: af_key: fix sadb_x_filter validation
2023-08-26 14:23:32 +02:00
l2tp
inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
2023-04-26 13:51:54 +02:00
l3mdev
lapb
llc
llc: Don't drop packet from non-root netns.
2023-07-27 08:47:02 +02:00
mac80211
wifi: mac80211: simplify chanctx allocation
2023-06-09 10:32:25 +02:00
mac802154
mctp
net: mctp: purge receive queues on sk destruction
2023-02-06 07:59:02 +01:00
mpls
net: mpls: fix stale pointer if allocation fails during device rename
2023-02-22 12:57:09 +01:00
mptcp
mptcp: consolidate fallback and non fallback state machine
2023-07-05 18:25:04 +01:00
ncsi
net/ncsi: clear Tx enable mode when handling a Config required AEN
2023-05-17 11:50:16 +02:00
netfilter
netfilter: nf_tables: report use refcount overflow
2023-08-16 18:22:03 +02:00
netlabel
netlink
netlink: Add __sock_i_ino() for __netlink_diag_dump().
2023-07-23 13:46:56 +02:00
netrom
netrom: fix info-leak in nr_write_internal()
2023-06-09 10:32:16 +02:00
nfc
net: nfc: Fix use-after-free caused by nfc_llcp_find_local
2023-07-23 13:46:56 +02:00
nsh
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
2023-05-24 17:36:51 +01:00
openvswitch
net: openvswitch: fix possible memory leak in ovs_meter_cmd_set()
2023-02-22 12:57:09 +01:00
packet
net/packet: annotate data-races around tp->status
2023-08-16 18:22:01 +02:00
phonet
psample
qrtr
net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume()
2023-04-20 12:13:53 +02:00
rds
rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
2023-03-10 09:39:16 +01:00
rfkill
rose
net/rose: Fix to not accept on connected socket
2023-02-22 12:57:02 +01:00
rxrpc
rxrpc: Fix hard call timeout units
2023-05-17 11:50:17 +02:00
sched
sch_netem: fix issues in netem_change() vs get_dist_table()
2023-08-16 18:22:04 +02:00
sctp
sctp: fix potential deadlock on &net->sctp.addr_wq_lock
2023-07-23 13:47:27 +02:00
smc
net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT
2023-06-14 11:13:01 +02:00
strparser
sunrpc
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
2023-07-23 13:47:20 +02:00
switchdev
tipc
tipc: stop tipc crypto on failure in tipc_node_create
2023-08-03 10:22:37 +02:00
tls
net: tls: avoid discarding data on record close
2023-08-26 14:23:22 +02:00
unix
net: add missing data-race annotations around sk->sk_peek_off
2023-08-11 15:13:51 +02:00
vmw_vsock
vsock: avoid to close connected socket after the timeout
2023-05-24 17:36:49 +01:00
wireless
wifi: cfg80211: Fix return value in scan logic
2023-08-11 15:13:49 +02:00
x25
net/x25: Fix to not accept on connected socket
2023-02-09 11:26:40 +01:00
xdp
xsk: fix refcount underflow in error path
2023-08-16 18:22:01 +02:00
xfrm
xfrm: fix slab-use-after-free in decode_session6
2023-08-26 14:23:32 +02:00
compat.c
devres.c
Kconfig
Remove DECnet support from kernel
2023-06-21 15:59:15 +02:00
Makefile
Remove DECnet support from kernel
2023-06-21 15:59:15 +02:00
socket.c
net: annotate sk->sk_err write from do_recvmmsg()
2023-05-24 17:36:42 +01:00
sysctl_net.c