APPLIED Re: [SRU][OEM-5.14/OEM-5.17][PATCH 0/1] CVE-2023-0394
Timo Aaltonen
tjaalton at ubuntu.com
Mon Mar 13 12:47:02 UTC 2023
Yuxuan Luo kirjoitti 9.3.2023 klo 22.22:
> [Impact]
> A vulnerability has found in ipv6 implementation at net/ipv6/raw.c: the
> IPV6_CHECKSUM offset is not calculated correctly because it does not exclude
> an extension header. This error could lead to NULL pointer dereference, which
> could be exploited to cause a denial of service.
>
> [Backport]
> It is a clean cherry pick.
>
> [Test]
> Compile and boot tested.
>
> [Potential Regression]
> Expecting low risk of regression as the commit does not change much but adding
> an extra layer of conditional calculation.
>
> Herbert Xu (1):
> ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
>
> net/ipv6/raw.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
applied to both, thanks
--
t
More information about the kernel-team
mailing list