MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-08-21 16:31:14 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
v6.1.146
linux-yocto/include
History
Eric Dumazet eed8960b28 netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() 
[ Upstream commit 18cdb3d982 ]

syzbot found a potential access to uninit-value in nf_flow_pppoe_proto()

Blamed commit forgot the Ethernet header.

BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27
  nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27
  nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
  nf_hook_slow+0xe1/0x3d0 net/netfilter/core.c:623
  nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]
  nf_ingress net/core/dev.c:5742 [inline]
  __netif_receive_skb_core+0x4aff/0x70c0 net/core/dev.c:5837
  __netif_receive_skb_one_core net/core/dev.c:5975 [inline]
  __netif_receive_skb+0xcc/0xac0 net/core/dev.c:6090
  netif_receive_skb_internal net/core/dev.c:6176 [inline]
  netif_receive_skb+0x57/0x630 net/core/dev.c:6235
  tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485
  tun_get_user+0x4ee0/0x6b40 drivers/net/tun.c:1938
  tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1984
  new_sync_write fs/read_write.c:593 [inline]
  vfs_write+0xb4b/0x1580 fs/read_write.c:686
  ksys_write fs/read_write.c:738 [inline]
  __do_sys_write fs/read_write.c:749 [inline]

Reported-by: syzbot+bf6ed459397e307c3ad2@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/686bc073.a00a0220.c7b3.0086.GAE@google.com/T/#u
Fixes: 87b3593bed ("netfilter: flowtable: validate pppoe header")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
Link: https://patch.msgid.link/20250707124517.614489-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-07-17 18:32:12 +02:00
..
acpi ACPICA: Avoid sequence overread in call to strncmp() 2025-06-27 11:07:32 +01:00
asm-generic Drivers: hv: Change hv_free_hyperv_page() to take void * argument 2025-07-06 10:57:58 +02:00
clocksource x86/hyperv: Fix hv tsc page based sched_clock for hibernation 2025-01-09 13:29:56 +01:00
crypto crypto: simd - Do not call crypto_alloc_tfm during registration 2024-10-17 15:21:39 +02:00
drm drm/gem: Fix race in drm_gem_handle_create_tail() 2025-07-17 18:32:08 +02:00
dt-bindings ASoC: qcom: q6dsp: add support to more display ports 2025-05-02 07:46:53 +02:00
keys
kunit
kvm
linux fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass 2025-07-17 18:32:10 +02:00
math-emu
media media: v4l2-core: v4l2-dv-timings: check cvt/gtf result 2024-12-14 19:54:04 +01:00
memory memory: renesas-rpc-if: Remove Runtime PM wrappers 2024-12-14 19:53:37 +01:00
misc
net netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() 2025-07-17 18:32:12 +02:00
pcmcia
ras
rdma RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() 2025-06-04 14:40:06 +02:00
rv rv: Reset per-task monitors also for idle tasks 2025-02-21 13:49:47 +01:00
scsi scsi: core: Fix the return value of scsi_logical_block_count() 2024-08-29 17:30:49 +02:00
soc net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged 2025-05-09 09:41:39 +02:00
sound ALSA: pcm: Fix race of buffer access at PCM OSS layer 2025-06-04 14:40:20 +02:00
target
trace erofs: adapt folios for z_erofs_read_folio() 2025-07-17 18:32:12 +02:00
uapi vsock/uapi: fix linux/vm_sockets.h userspace compilation errors 2025-07-06 10:58:00 +02:00
ufs scsi: ufs: core: Fix the HIGH/LOW_TEMP Bit Definitions 2025-02-21 13:49:42 +01:00
vdso
video
xen xen/mcelog: Add __nonstring annotations for unterminated strings 2025-04-25 10:43:27 +02:00