author | dheerajpdsk <p.dheeraj.srujan.kumar@intel.com> | 2024-08-13 18:57:11 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-08-13 18:57:11 +0300 |
commit | 2bd6e77fe603cc9ddd4b1ef5421282487bb7a7d3 (patch) | |
tree | 0b18a326840e661d88333ec9aee349709f3596c1 /meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-42754.patch | |
parent | ac27a5095790a2d49a44d7c46440e375a8f84812 (diff) | |
parent | 848b831c34ae28e7b8132834656ad59dc6b51a87 (diff) | |
download | openbmc-2bd6e77fe603cc9ddd4b1ef5421282487bb7a7d3.tar.xz |
Update to internal 1-1.20
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-42754.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-42754.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-42754.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-42754.patch
new file mode 100644
index 000000000..f16fa3f86
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-42754.patch
@@ -0,0 +1,48 @@
+From 0113d9c9d1ccc07f5a3710dac4aa24b6d711278c Mon Sep 17 00:00:00 2001
+From: Kyle Zeng <zengyhkyle@gmail.com>
+Date: Thu, 14 Sep 2023 22:12:57 -0700
+Subject: ipv4: fix null-deref in ipv4_link_failure
+
+Currently, we assume the skb is associated with a device before calling
+__ip_options_compile, which is not always the case if it is re-routed by
+ipvs.
+When skb->dev is NULL, dev_net(skb->dev) will become null-dereference.
+This patch adds a check for the edge case and switch to use the net_device
+from the rtable when skb->dev is NULL.
+
+Fixes: ed0de45a1008 ("ipv4: recompile ip options in ipv4_link_failure")
+Suggested-by: David Ahern <dsahern@kernel.org>
+Signed-off-by: Kyle Zeng <zengyhkyle@gmail.com>
+Cc: Stephen Suryaputra <ssuryaextr@gmail.com>
+Cc: Vadim Fedorenko <vfedorenko@novek.ru>
+Reviewed-by: David Ahern <dsahern@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/ipv4/route.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/net/ipv4/route.c b/net/ipv4/route.c
+index 66f419e7f9a7f..a570622832196 100644
+--- a/net/ipv4/route.c
++++ b/net/ipv4/route.c
+@@ -1213,6 +1213,7 @@ EXPORT_INDIRECT_CALLABLE(ipv4_dst_check);
+
+ static void ipv4_send_dest_unreach(struct sk_buff *skb)
+ {
++ struct net_device *dev;
+ struct ip_options opt;
+ int res;
+
+@@ -1230,7 +1231,8 @@ static void ipv4_send_dest_unreach(struct sk_buff *skb)
+ opt.optlen = ip_hdr(skb)->ihl * 4 - sizeof(struct iphdr);
+
+ rcu_read_lock();
+- res = __ip_options_compile(dev_net(skb->dev), &opt, skb, NULL);
++ dev = skb->dev ? skb->dev : skb_rtable(skb)->dst.dev;
++ res = __ip_options_compile(dev_net(dev), &opt, skb, NULL);
+ rcu_read_unlock();
+
+ if (res)
+--
+cgit 1.2.3-korg
+ |
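Review bot: The embedded patch header has no `Upstream-Status:` line, so the layer does not record that this file is a backport of upstream commit 0113d9c9d1ccc07f5a3710dac4aa24b6d711278c. I would add `Upstream-Status: Backport [<upstream commit URL>]` and `CVE: CVE-2023-42754` just above the `---` separator that precedes the embedded diffstat. The diffstat on this page is limited to this one file, so the `SRC_URI` entry that applies the patch is not visible here. It is worth confirming that entry exists, because otherwise the kernel is still built without the NULL `skb->dev` fallback in `ipv4_send_dest_unreach`. The body of that function starts and ends outside the two embedded hunks, so the assumption that `skb_rtable(skb)` is non-NULL at this point cannot be checked from the lines shown.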