Commit 2126576f authored Apr 02, 2022 by Oliver Neukum Committed by Yongqiang Liu Apr 02, 2022

sr9700: sanity check for packet length

mainline inclusion
from mainline-v5.17-rc4
commit e9da0b56
category: bugfix
bugzilla: 186472, https://gitee.com/openeuler/kernel/issues/I4ZWKH


CVE: CVE-2022-26966

--------------------------------

A malicious device can leak heap data to user space
providing bogus frame lengths. Introduce a sanity check.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Reviewed-by: Grant Grundler <grundler@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Lijun Fang <fanglijun3@huawei.com>
Reviewed-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Reviewed-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>

parent 50cea8d3

Show whitespace changes

Inline Side-by-side

Please to comment