a7y18lte-ubports/android_kernel_samsung_a7y18lte
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c1dae5b051
android_kernel_samsung_a7y1.../net
History
Steffen Klassert d5d5f1684e xfrm4: Fix uninitialized memory read in _decode_session4 
[ Upstream commit 8742dc86d0c7a9628117a989c11f04a9b6b898f3 ]

We currently don't reload pointers pointing into skb header
after doing pskb_may_pull() in _decode_session4(). So in case
pskb_may_pull() changed the pointers, we read from random
memory. Fix this by putting all the needed infos on the
stack, so that we don't need to access the header pointers
after doing pskb_may_pull().

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-04-06 18:14:35 +02:00
..
6lowpan
9p 9p: do not trust pdu content for stat item size 2020-04-06 15:20:01 +02:00
802
8021q vlan: disable SIOCSHWTSTAMP in container 2020-04-06 17:01:37 +02:00
appletalk appletalk: Fix use-after-free in atalk_proc_exit 2020-04-06 15:20:39 +02:00
atm net: atm: Fix potential Spectre v1 vulnerabilities 2020-04-06 15:28:29 +02:00
ax25
batman-adv
bluetooth Bluetooth: Align minimum encryption key size for LE and BR/EDR connections 2020-04-06 16:43:10 +02:00
bridge bridge: Fix error path for kobject_init_and_add() 2020-04-06 17:01:30 +02:00
caif
can
ceph
core net: avoid weird emergency message 2020-04-06 18:13:26 +02:00
dcb
dccp
decnet
dns_resolver
dsa
ethernet
hsr
ieee802154
ipv4 xfrm4: Fix uninitialized memory read in _decode_session4 2020-04-06 18:14:35 +02:00
ipv6 xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module 2020-04-06 18:14:31 +02:00
ipx
irda
iucv
key
l2tp
l3mdev
lapb
llc
mac80211 mac80211: do not call driver wake_tx_queue op during reconfig 2020-04-06 15:57:06 +02:00
mac802154
mpls
mptcp
ncm
netfilter ipvs: do not schedule icmp errors from tunnels 2020-04-06 16:47:06 +02:00
netlabel
netlink
netrom
nfc
openvswitch
packet packet: Fix error path in packet_init 2020-04-06 17:01:35 +02:00
phonet
rds
rfkill
rose
rxrpc
sched
sctp sctp: initialize _pad of sockaddr_in before copying to user memory 2020-04-06 15:07:47 +02:00
sunrpc sunrpc: don't mark uninitialised items as VALID. 2020-04-06 16:38:50 +02:00
switchdev
tipc tipc: fix modprobe tipc failed after switch order of device registration 2020-04-06 18:13:34 +02:00
unix
vmw_vsock
wimax
wireless
x25
xfrm xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink 2020-04-06 18:14:29 +02:00
compat.c
Kconfig
Makefile
socket.c
sysctl_net.c