shinys000114/linux
1
0
Fork 0
mirror of https://github.com/hardkernel/linux.git synced 2026-06-10 12:57:06 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
d4fa65960a9d0cb87a1102d47145675ceed7a4e6
linux/net
History
Pablo Neira Ayuso a8acfe2c6f netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits 
commit 696e1a48b1 upstream.

If the offset + length goes over the ethernet + vlan header, then the
length is adjusted to copy the bytes that are within the boundaries of
the vlan_ethhdr scratchpad area. The remaining bytes beyond ethernet +
vlan header are copied directly from the skbuff data area.

Fix incorrect arithmetic operator: subtract, not add, the size of the
vlan header in case of double-tagged packets to adjust the length
accordingly to address CVE-2023-0179.

Reported-by: Davide Ornaghi <d.ornaghi97@gmail.com>
Fixes: f6ae9f120d ("netfilter: nft_payload: add C-VLAN support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-01-18 11:48:46 +01:00
..
6lowpan
6lowpan: iphc: Fix an off-by-one check of array index
2021-07-22 16:19:03 +02:00
9p
9p: set req refcount to zero to avoid uninitialized usage
2022-12-31 13:14:46 +01:00
802
mrp: introduce active flags to prevent UAF when applicant uninit
2022-12-31 13:14:42 +01:00
8021q
net: use eth_hw_addr_set() instead of ether_addr_copy()
2022-08-31 17:16:37 +02:00
appletalk
net: socket: rework compat_ifreq_ioctl()
2021-07-23 14:20:25 +01:00
atm
net/atm: fix proc_mpc_write incorrect return value
2022-10-29 10:12:55 +02:00
ax25
net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg
2022-06-22 14:22:01 +02:00
batman-adv
batman-adv: Use netif_rx_any_context() any.
2022-07-29 17:25:07 +02:00
bluetooth
Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
2022-12-31 13:14:21 +01:00
bpf
bpf: Move skb->len == 0 checks into __bpf_redirect
2022-12-31 13:14:11 +01:00
bpfilter
bpfilter: Specify the log level for the kmsg message
2021-06-25 13:13:50 +02:00
bridge
bridge: switchdev: Fix memory leaks when changing VLAN protocol
2022-11-26 09:24:40 +01:00
caif
caif: fix memory leak in cfctrl_linkup_request()
2023-01-12 11:59:16 +01:00
can
can: af_can: fix NULL pointer dereference in can_rcv_filter
2022-12-14 11:37:22 +01:00
ceph
libceph: fix potential use-after-free on linger ping and resends
2022-05-25 09:57:28 +02:00
core
bpf: pull before calling skb_postpull_rcsum()
2023-01-12 11:59:08 +01:00
dcb
net: dcb: disable softirqs in dcbnl_flush_dev()
2022-03-08 19:12:52 +01:00
dccp
dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
2022-12-02 17:41:07 +01:00
decnet
net: Fix data-races around sysctl_[rw]mem(_offset)?.
2022-08-03 12:03:51 +02:00
dns_resolver
dsa
net: dsa: tag_8021q: avoid leaking ctx on dsa_tag_8021q_register() error path
2022-12-31 13:14:21 +01:00
ethernet
move netdev_boot_setup into Space.c
2021-08-03 13:05:26 +01:00
ethtool
ethtool: avoiding integer overflow in ethtool_phys_id()
2022-12-31 13:14:42 +01:00
hsr
hsr: Synchronize sequence number updates.
2022-12-31 13:14:15 +01:00
ieee802154
net: ieee802154: fix error return code in dgram_bind()
2022-11-03 23:59:14 +09:00
ife
ipv4
net/ulp: prevent ULP without clone op from entering the LISTEN status
2023-01-14 10:23:28 +01:00
ipv6
ipv6/sit: use DEV_STATS_INC() to avoid data-races
2022-12-31 13:14:42 +01:00
iucv
net/iucv: Replace deprecated CPU-hotplug functions.
2021-08-09 10:13:32 +01:00
kcm
kcm: close race conditions on sk_receive_queue
2022-11-26 09:24:50 +01:00
key
xfrm: Fix oops in __xfrm_state_delete()
2022-12-02 17:41:06 +01:00
l2tp
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
2022-06-22 14:21:58 +02:00
l3mdev
l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
2022-04-27 14:38:53 +02:00
lapb
net: lapb: Use list_for_each_entry() to simplify code in lapb_iface.c
2021-06-08 16:31:25 -07:00
llc
llc: only change llc->dev when bind() succeeds
2022-03-28 09:58:46 +02:00
mac80211
wifi: mac80211: fix memory leak in ieee80211_if_add()
2022-12-31 13:14:14 +01:00
mac802154
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
2022-12-14 11:37:25 +01:00
mctp
mctp: Fix an error handling path in mctp_init()
2022-11-16 09:58:22 +01:00
mpls
net: Use u64_stats_fetch_begin_irq() for stats fetch.
2022-09-08 12:28:07 +02:00
mptcp
mptcp: use proper req destructor for IPv6
2023-01-12 11:59:19 +01:00
ncsi
net/ncsi: check for error return from call to nla_put_u32
2022-01-05 12:42:37 +01:00
netfilter
netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
2023-01-18 11:48:46 +01:00
netlabel
netlabel: fix out-of-bounds memory accesses
2022-04-13 20:59:10 +02:00
netlink
net: genl: fix error path memory leak in policy dumping
2022-08-25 11:40:25 +02:00
netrom
netrom: fix api breakage in nr_setsockopt()
2022-01-27 11:04:00 +01:00
nfc
nfc: Fix potential resource leaks
2023-01-12 11:59:10 +01:00
nsh
openvswitch
openvswitch: Fix flow lookup to use unmasked key
2022-12-31 13:14:38 +01:00
packet
net/af_packet: make sure to pull mac header
2023-01-12 11:58:49 +01:00
phonet
phonet: refcount leak in pep_sock_accep
2022-01-11 15:35:16 +01:00
psample
qrtr
net: qrtr: start MHI channel after endpoit creation
2022-08-25 11:40:29 +02:00
rds
net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
2022-10-26 12:34:49 +02:00
rfkill
rfkill: make new event layout opt-in
2022-04-08 14:23:00 +02:00
rose
rose: Fix NULL pointer dereference in rose_send_frame()
2022-11-10 18:15:29 +01:00
rxrpc
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
2022-12-31 13:14:39 +01:00
sched
net: sched: disallow noqueue for qdisc classes
2023-01-14 10:23:28 +01:00
sctp
sctp: sysctl: make extra pointers netns aware
2022-12-31 13:14:20 +01:00
smc
net/smc: Fix possible leaked pernet namespace in smc_init()
2022-11-10 18:15:31 +01:00
strparser
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
2021-11-18 19:17:11 +01:00
sunrpc
SUNRPC: ensure the matching upcall is in-flight upon downcall
2023-01-12 11:59:08 +01:00
switchdev
net: make switchdev_bridge_port_{,unoffload} loosely coupled with the bridge
2021-08-04 12:35:07 +01:00
tipc
tipc: call tipc_lxc_xmit without holding node_read_lock
2022-12-14 11:37:29 +01:00
tls
bpf, sockmap: Fix missing BPF_F_INGRESS flag when using apply_bytes
2022-12-31 13:14:14 +01:00
unix
unix: Fix race in SOCK_SEQPACKET's unix_dgram_sendmsg()
2022-12-31 13:14:37 +01:00
vmw_vsock
net: vmw_vsock: vmci: Check memcpy_from_msg()
2022-12-31 13:14:18 +01:00
wireless
wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
2022-12-31 13:14:14 +01:00
x25
net/x25: Fix skb leak in x25_lapb_receive_frame()
2022-11-26 09:24:41 +01:00
xdp
xsk: Fix backpressure mechanism on Tx
2022-10-26 12:34:40 +02:00
xfrm
xfrm: replay: Fix ESN wrap around for GSO
2022-12-02 17:41:02 +01:00
compat.c
net: Return the correct errno code
2021-06-03 15:13:56 -07:00
devres.c
net: devres: Correct a grammatical error
2021-06-11 12:55:28 -07:00
Kconfig
mctp: Add MCTP base
2021-07-29 15:06:49 +01:00
Makefile
mctp: Add MCTP base
2021-07-29 15:06:49 +01:00
socket.c
net: Fix a data-race around sysctl_somaxconn.
2022-08-31 17:16:45 +02:00
sysctl_net.c
net: Ensure net namespace isolation of sysctls
2021-04-12 13:27:11 -07:00