msm-4.14/net at e416d65ff456066d60d813c540ab2dd2a06d3d12 - msm-4.14 - HostKita Git

malhuda/msm-4.14

mirror of https://github.com/rd-stuffs/msm-4.14.git synced 2025-02-20 11:45:48 +08:00

History

Wander Lairson Costa e416d65ff4 netfilter: xt_u32: validate user space input

commit 69c5d284f67089b4750d28ff6ac6f52ec224b330 upstream.

The xt_u32 module doesn't validate the fields in the xt_u32 structure.
An attacker may take advantage of this to trigger an OOB read by setting
the size fields with a value beyond the arrays boundaries.

Add a checkentry function to validate the structure.

This was originally reported by the ZDI project (ZDI-CAN-18408).

Fixes: 1b50b8a371e9 ("[NETFILTER]: Add u32 match")
Cc: stable@vger.kernel.org
Signed-off-by: Wander Lairson Costa <wander@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2023-09-23 10:46:59 +02:00

..

…

9p: virtio: make sure 'offs' is initialized in zc_request

2023-09-23 10:46:52 +02:00

mrp: introduce active flags to prevent UAF when applicant uninit

2023-01-18 09:26:32 +01:00

vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()

2023-05-30 12:38:36 +01:00

appletalk: Fix skb allocation size in loopback case

2021-04-07 12:47:02 +02:00

atm: hide unused procfs functions

2023-06-09 10:22:52 +02:00

ax25: Fix UAF bugs in ax25 timers

2022-04-27 13:15:32 +02:00

batman-adv: Fix batadv_v_ogm_aggr_send memory leak

2023-08-30 16:35:15 +02:00

Bluetooth: L2CAP: Fix use-after-free

2023-08-30 16:35:11 +02:00

bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()

2022-11-25 17:36:54 +01:00

net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode

2023-08-11 11:33:40 +02:00

net: caif: Fix use-after-free in cfusbl_device_notify()

2023-03-17 08:30:37 +01:00

can: bcm: Fix UAF in bcm_proc_show()

2023-08-11 11:33:47 +02:00

libceph: fix potential hang in ceph_osdc_notify()

2023-08-11 11:33:56 +02:00

rtnetlink: Reject negative ifindexes in RTM_NEWLINK

2023-08-30 16:35:15 +02:00

net: dcb: disable softirqs in dcbnl_flush_dev()

2022-03-08 19:01:58 +01:00

dccp: fix data-race around dp->dccps_mss_cache

2023-08-16 18:10:54 +02:00

Remove DECnet support from kernel

2023-06-21 15:38:58 +02:00

KEYS: Don't write out to userspace while holding key semaphore

2020-04-24 08:01:25 +02:00

net: dsa: Fix duplicate frames flooded by learning

2020-04-02 16:34:24 +02:00

…

net: hsr: Fix potential use-after-free

2022-12-08 11:16:32 +01:00

net: ieee802154: fix error return code in dgram_bind()

2022-11-03 23:50:54 +09:00

…

igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

2023-09-23 10:46:59 +02:00

lwt: Check LWTUNNEL_XMIT_CONTINUE strictly

2023-09-23 10:46:55 +02:00

…

net/iucv: Fix size of interrupt data

2023-03-22 13:26:15 +01:00

kcm: close race conditions on sk_receive_queue

2022-11-25 17:36:54 +01:00

net: af_key: fix sadb_x_filter validation

2023-08-30 16:35:11 +02:00

inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().

2023-04-26 11:18:57 +02:00

…

net: lapb: Copy the skb before sending a packet

2021-02-10 09:12:08 +01:00

llc: Don't drop packet from non-root netns.

2023-08-11 11:33:49 +02:00

wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta

2023-04-20 12:02:10 +02:00

mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()

2022-12-14 11:26:14 +01:00

net: mpls: fix stale pointer if allocation fails during device rename

2023-02-22 12:46:06 +01:00

net/ncsi: Avoid GFP_KERNEL in response handler

2021-04-16 11:57:51 +02:00

netfilter: xt_u32: validate user space input

2023-09-23 10:46:59 +02:00

netlabel: fix shift wrapping bug in netlbl_catmap_setlong()

2023-09-23 10:46:53 +02:00

netlink: Add __sock_i_ino() for __netlink_diag_dump().

2023-08-11 11:33:35 +02:00

netrom: Deny concurrent connect().

2023-09-23 10:46:55 +02:00

nfc: change order inside nfc_se_io error path

2023-03-17 08:30:37 +01:00

net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()

2023-05-30 12:38:36 +01:00

net: openvswitch: fix flow memory leak in ovs_flow_cmd_new

2023-02-22 12:46:01 +01:00

net/packet: annotate data-races around tp->status

2023-08-16 18:10:54 +02:00

phonet: refcount leak in pep_sock_accep

2022-01-11 13:57:37 +01:00

…

net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()

2021-03-30 14:40:12 +02:00

net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()

2022-10-26 13:17:00 +02:00

…

net/rose: Fix to not accept on connected socket

2023-02-22 12:46:05 +01:00

rxrpc: Don't try to resend the request if we're receiving the reply

2022-06-14 16:53:50 +02:00

net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free

2023-08-11 11:33:55 +02:00

sctp: handle invalid error codes without calling BUG()

2023-09-23 10:46:54 +02:00

net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending

2022-05-18 09:18:06 +02:00

…

SUNRPC: Fix UAF in svc_tcp_listen_data_ready()

2023-08-11 11:33:44 +02:00

…

net: tipc: resize nlattr array to correct size

2023-06-21 15:38:59 +02:00

…

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

2023-08-30 16:35:13 +02:00

vsock: avoid to close connected socket after the timeout

2023-05-30 12:38:36 +01:00

…

wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()

2023-08-11 11:33:48 +02:00

net/x25: Fix to not accept on connected socket

2023-02-22 12:46:02 +01:00

net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure

2023-08-30 16:35:14 +02:00

compat.c

net: Return the correct errno code

2021-06-30 08:48:47 -04:00

Kconfig

Remove DECnet support from kernel

2023-06-21 15:38:58 +02:00

Makefile

Remove DECnet support from kernel

2023-06-21 15:38:58 +02:00

socket.c

net: annotate sk->sk_err write from do_recvmmsg()

2023-05-30 12:38:34 +01:00

sysctl_net.c

…