github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-12 16:18:45 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
65d91192aa
linux/net
History
Ilya Maximets 65d91192aa net: openvswitch: fix nested key length validation in the set() action 
It's not safe to access nla_len(ovs_key) if the data is smaller than
the netlink header.  Check that the attribute is OK first.

Fixes: ccb1352e76 ("net: Add Open vSwitch kernel components.")
Reported-by: syzbot+b07a9da40df1576b8048@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b07a9da40df1576b8048
Tested-by: syzbot+b07a9da40df1576b8048@syzkaller.appspotmail.com
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Reviewed-by: Eelco Chaudron <echaudro@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Link: https://patch.msgid.link/20250412104052.2073688-1-i.maximets@ovn.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-04-14 16:15:38 -07:00
..
6lowpan
9p 9p: Use hashtable.h for hash_errmap 2025-03-23 06:20:48 +09:00
802 net: 802: LLC+SNAP OID:PID lookup on start of skb data 2025-01-04 08:06:24 -08:00
8021q net: vlan: don't propagate flags on open 2025-03-20 09:57:37 +01:00
appletalk treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
atm treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
ax25 treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
batman-adv CRC cleanups for 6.15 2025-04-08 12:09:28 -07:00
bluetooth bluetooth pull request for net: 2025-04-11 16:34:04 -07:00
bpf bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() 2025-01-29 08:51:51 -08:00
bridge treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
caif rtnetlink: Pack newlink() params into struct 2025-02-21 15:28:02 -08:00
can treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
ceph lib/crc: remove CONFIG_LIBCRC32C 2025-04-04 11:31:42 -07:00
core net: don't mix device locking in dev_close_many() calls 2025-04-14 12:48:44 -07:00
dcb
dccp tcp/dccp: remove icsk->icsk_ack.timeout 2025-03-25 10:34:33 -07:00
devlink devlink: fix xa_alloc_cyclic() error handling 2025-03-19 09:57:36 +00:00
dns_resolver
dsa net: move misc netdev_lock flavors to a separate header 2025-03-08 09:06:50 -08:00
ethernet
ethtool ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() 2025-04-11 18:41:19 -07:00
handshake
hsr net: hold instance lock during NETDEV_CHANGE 2025-04-07 11:13:39 -07:00
ieee802154 inet: frags: save a pair of atomic operations in reassembly 2025-03-18 13:18:36 +01:00
ife
ipv4 treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
ipv6 ipv6: add exception routes to GC list in rt6_insert_exception 2025-04-10 20:09:05 -07:00
iucv s390: Convert MACHINE_IS_[LPAR|VM|KVM], etc, machine_is_[lpar|vm|kvm]() 2025-03-04 17:18:07 +01:00
kcm
key
l2tp net: move misc netdev_lock flavors to a separate header 2025-03-08 09:06:50 -08:00
l3mdev
lapb treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
llc treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
mac80211 Just a handful of fixes, notably 2025-04-11 16:38:04 -07:00
mac802154 mac802154: Switch to use hrtimer_setup() 2025-02-18 10:35:44 +01:00
mctp net: mctp: Set SOCK_RCU_FREE 2025-04-11 18:42:34 -07:00
mpls percpu: use TYPEOF_UNQUAL() in variable declarations 2025-03-16 22:05:53 -07:00
mptcp Including fixes from netfilter. 2025-04-10 08:52:18 -07:00
ncsi treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
netfilter Including fixes from netfilter. 2025-04-10 08:52:18 -07:00
netlabel net: corrections for security_secid_to_secctx returns 2025-01-04 22:11:22 -05:00
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-02-27 10:20:58 -08:00
netrom treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
nfc treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
nsh
openvswitch net: openvswitch: fix nested key length validation in the set() action 2025-04-14 16:15:38 -07:00
packet treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
phonet
psample psample: adjust size if rate_as_probability is set 2024-12-18 19:23:04 -08:00
qrtr
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-02-27 10:20:58 -08:00
rfkill net: rfkill: gpio: allow booting in blocked state 2025-02-11 11:55:55 +01:00
rose treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
rxrpc treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
sched Including fixes from netfilter. 2025-04-10 08:52:18 -07:00
sctp Including fixes from netfilter. 2025-04-10 08:52:18 -07:00
shaper net: add netdev_lock() / netdev_unlock() helpers 2025-01-15 19:13:33 -08:00
smc smc: Fix lockdep false-positive for IPPROTO_SMC. 2025-04-11 14:14:26 -07:00
strparser strparser: Add read_sock callback 2025-01-29 13:32:08 -08:00
sunrpc treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
switchdev net: switchdev: Convert blocking notification chain to a raw one 2025-03-11 11:30:28 +01:00
tipc Including fixes from netfilter. 2025-04-10 08:52:18 -07:00
tls net: tls: explicitly disallow disconnect 2025-04-08 11:38:49 +02:00
unix unix: fix up for "apparmor: add fine grained af_unix mediation" 2025-03-26 09:31:18 -07:00
vmw_vsock vsock: avoid timeout during connect() if the socket is closing 2025-04-02 17:19:30 -07:00
wireless treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
x25 treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
xdp xsk: Fix __xsk_generic_xmit() error code when cq is full 2025-04-02 21:55:43 -07:00
xfrm treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
compat.c
devres.c
Kconfig
Kconfig.debug
Makefile
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-03-26 09:32:10 -07:00
sysctl_net.c