MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-08-21 16:31:14 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
v5.15.189
linux-yocto/include
History
Eric Dumazet a3aea97d55 netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() 
[ Upstream commit 18cdb3d982 ]

syzbot found a potential access to uninit-value in nf_flow_pppoe_proto()

Blamed commit forgot the Ethernet header.

BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27
  nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27
  nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
  nf_hook_slow+0xe1/0x3d0 net/netfilter/core.c:623
  nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]
  nf_ingress net/core/dev.c:5742 [inline]
  __netif_receive_skb_core+0x4aff/0x70c0 net/core/dev.c:5837
  __netif_receive_skb_one_core net/core/dev.c:5975 [inline]
  __netif_receive_skb+0xcc/0xac0 net/core/dev.c:6090
  netif_receive_skb_internal net/core/dev.c:6176 [inline]
  netif_receive_skb+0x57/0x630 net/core/dev.c:6235
  tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485
  tun_get_user+0x4ee0/0x6b40 drivers/net/tun.c:1938
  tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1984
  new_sync_write fs/read_write.c:593 [inline]
  vfs_write+0xb4b/0x1580 fs/read_write.c:686
  ksys_write fs/read_write.c:738 [inline]
  __do_sys_write fs/read_write.c:749 [inline]

Reported-by: syzbot+bf6ed459397e307c3ad2@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/686bc073.a00a0220.c7b3.0086.GAE@google.com/T/#u
Fixes: 87b3593bed ("netfilter: flowtable: validate pppoe header")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
Link: https://patch.msgid.link/20250707124517.614489-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-07-17 18:30:53 +02:00
..
acpi ACPICA: Avoid sequence overread in call to strncmp() 2025-06-27 11:05:27 +01:00
asm-generic vmlinux.lds: Ensure that const vars with relocations are mapped R/O 2025-03-13 12:51:00 +01:00
clocksource x86/hyperv: Fix hv tsc page based sched_clock for hibernation 2025-01-09 13:28:42 +01:00
crypto crypto: af_alg - Disallow multiple in-flight AIO requests 2024-01-25 14:52:34 -08:00
drm drm/gem: Fix race in drm_gem_handle_create_tail() 2025-07-17 18:30:49 +02:00
dt-bindings clk: ti: am43xx: Add clkctrl data for am43xx ADC1 2025-07-10 15:57:35 +02:00
keys KEYS: trusted: allow use of kernel RNG for key material 2023-10-19 23:05:33 +02:00
kunit
kvm KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption 2024-07-05 09:14:51 +02:00
linux dma-buf: add dma_resv_for_each_fence_unlocked v8 2025-07-17 18:30:52 +02:00
math-emu
media media: v4l: Memset argument to 0 before calling get_mbus_config pad op 2025-06-04 14:38:02 +02:00
memory
misc
net netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() 2025-07-17 18:30:53 +02:00
pcmcia
ras
rdma RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() 2025-06-04 14:37:57 +02:00
scsi scsi: libsas: Add struct sas_tmf_task 2025-05-02 07:44:07 +02:00
soc soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request 2024-06-16 13:39:55 +02:00
sound ALSA: pcm: Fix race of buffer access at PCM OSS layer 2025-06-04 14:38:06 +02:00
target scsi: target: Fix multiple LUN_RESET handling 2023-05-11 23:00:26 +09:00
trace erofs: remove unused trace event erofs_destroy_inode 2025-06-27 11:05:35 +01:00
uapi vsock/uapi: fix linux/vm_sockets.h userspace compilation errors 2025-07-10 15:57:38 +02:00
vdso
video
xen xen: replace xen_remap() with memremap() 2025-07-17 18:30:48 +02:00