evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net
History
Kees Cook 23e0c38d30 net: sched: Fix memory exposure from short TCA_U32_SEL 
commit 98c8f125fd8a6240ea343c1aa50a1be9047791b8 upstream.

Via u32_change(), TCA_U32_SEL has an unspecified type in the netlink
policy, so max length isn't enforced, only minimum. This means nkeys
(from userspace) was being trusted without checking the actual size of
nla_len(), which could lead to a memory over-read, and ultimately an
exposure via a call to u32_dump(). Reachability is CAP_NET_ADMIN within
a namespace.

Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-10-29 09:13:32 +01:00
..
6lowpan 6lowpan: iphc: reset mac_header after decompress to fix panic 2018-10-10 08:52:04 +02:00
9p 9p/virtio: Add cleanup path in p9_virtio_init 2019-08-04 09:34:51 +02:00
802
8021q vlan: disable SIOCSHWTSTAMP in container 2019-05-16 19:45:17 +02:00
appletalk appletalk: enforce CAP_NET_RAW for raw sockets 2019-10-05 12:27:43 +02:00
atm net: atm: Fix potential Spectre v1 vulnerabilities 2019-04-27 09:33:59 +02:00
ax25 ax25: enforce CAP_NET_RAW for raw sockets 2019-10-05 12:27:43 +02:00
batman-adv batman-adv: fix for leaked TVLV handler. 2019-08-04 09:34:39 +02:00
bluetooth Revert "Bluetooth: validate BLE connection interval updates" 2019-10-05 12:27:36 +02:00
bridge bridge/mdb: remove wrong use of NLM_F_MULTI 2019-09-21 07:12:37 +02:00
caif net: caif: Add a missing rcu_read_unlock() in caif_flow_cb 2018-09-05 09:18:34 +02:00
can can: purge socket error queue on sock destruct 2019-07-10 09:56:33 +02:00
ceph libceph: handle an empty authorize reply 2019-03-23 08:44:18 +01:00
core net: Fix null de-reference of device refcount 2019-09-21 07:12:39 +02:00
dcb net: dcb: For wild-card lookups, use priority -1, not 0 2018-09-19 22:48:58 +02:00
dccp dccp: do not use ipv6 header for ipv4 flow 2019-04-03 06:23:25 +02:00
decnet dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock 2018-02-25 11:03:38 +01:00
dns_resolver KEYS: DNS: fix parsing multiple options 2018-07-22 14:25:54 +02:00
dsa net: dsa: slave: Don't propagate flag changes on down slave interfaces 2019-02-20 10:13:15 +01:00
ethernet net: introduce device min_header_len 2017-02-18 16:39:27 +01:00
hsr net/hsr: fix possible crash in add_timer() 2019-03-23 08:44:31 +01:00
ieee802154 ieee802154: enforce CAP_NET_RAW for raw sockets 2019-10-05 12:27:43 +02:00
ipv4 ipv4: Return -ENETUNREACH if we can't create route but saddr is valid 2019-10-29 09:13:23 +01:00
ipv6 ipv6: drop incoming packets having a v4mapped source address 2019-10-07 21:01:04 +02:00
ipx ipx: call ipxitf_put() in ioctl error path 2017-05-25 14:30:13 +02:00
irda irda: Only insert new objects into the global database via setsockopt 2018-09-15 09:40:40 +02:00
iucv af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers 2018-11-10 07:41:35 -08:00
key xfrm: clean up xfrm protocol checks 2019-09-16 08:13:35 +02:00
l2tp compat_ioctl: pppoe: fix PPPOEIOCSFWD handling 2019-08-11 12:20:46 +02:00
l3mdev net: Add netif_is_l3_slave 2015-10-07 04:27:43 -07:00
lapb lapb: fixed leak of control-blocks. 2019-06-22 08:18:25 +02:00
llc llc: fix skb leak in llc_build_and_send_ui_pkt() 2019-06-11 12:24:06 +02:00
mac80211 mac80211: Reject malformed SSID elements 2019-10-29 09:13:27 +01:00
mac802154 net: mac802154: tx: expand tailroom if necessary 2018-09-09 20:04:32 +02:00
mpls mpls, nospec: Sanitize array index in mpls_label_ok() 2018-03-11 16:19:47 +01:00
netfilter netfilter: nf_conntrack_ftp: Fix debug output 2019-09-21 07:12:51 +02:00
netlabel netlabel: check for IPV4MASK in addrinfo_get 2018-10-20 09:52:36 +02:00
netlink netlink: Don't shift on 64 for ngroups 2018-08-09 12:19:28 +02:00
netrom netrom: hold sock when setting skb->destructor 2019-08-04 09:34:54 +02:00
nfc NFC: fix attrs checks in netlink interface 2019-10-07 21:01:07 +02:00
openvswitch openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC 2019-10-05 12:27:41 +02:00
packet af_packet: tone down the Tx-ring unsupported spew. 2019-09-16 08:13:36 +02:00
phonet phonet: fix building with clang 2019-03-23 08:44:34 +01:00
rds net/rds: Fix error handling in rds_ib_add_one() 2019-10-07 21:01:06 +02:00
rfkill rfkill: gpio: fix memory leak in probe error path 2018-05-16 10:06:51 +02:00
rose net: rose: fix a possible stack overflow 2019-04-03 06:23:25 +02:00
rxrpc rxrpc: check return value of skb_to_sgvec always 2018-04-13 19:50:23 +02:00
sched net: sched: Fix memory exposure from short TCA_U32_SEL 2019-10-29 09:13:32 +01:00
sctp sctp: change sctp_prot .no_autobind with true 2019-10-29 09:13:22 +01:00
sunrpc sunrpc: don't mark uninitialised items as VALID. 2019-05-16 19:44:44 +02:00
switchdev switchdev: pass pointer to fib_info instead of copy 2016-06-24 10:18:16 -07:00
tipc tipc: add NULL pointer check before calling kfree_rcu 2019-09-21 07:12:41 +02:00
unix missing barriers in some of unix_sock ->addr and ->path accesses 2019-03-23 08:44:31 +01:00
vmw_vsock vsock: cope with memory allocation failure at socket creation time 2019-02-23 09:05:13 +01:00
wimax net:wimax: Fix doucble word "the the" in networking.xml 2015-08-09 22:43:52 -07:00
wireless cfg80211: wext: avoid copying malformed SSIDs 2019-10-29 09:13:26 +01:00
x25 net/x25: fix a race in x25_bind() 2019-03-23 08:44:30 +01:00
xfrm xfrm: clean up xfrm protocol checks 2019-09-16 08:13:35 +02:00
compat.c sock: Make sock->sk_stamp thread-safe 2019-01-13 10:05:28 +01:00
Kconfig Make DST_CACHE a silent config option 2018-02-25 11:03:37 +01:00
Makefile net: Introduce L3 Master device abstraction 2015-09-29 20:40:32 -07:00
socket.c sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names 2019-03-23 08:44:21 +01:00
sysctl_net.c net: Use ns_capable_noaudit() when determining net sysctl permissions 2016-09-15 08:27:50 +02:00