Unverified commit 44a28dc2, authored by openeuler-ci-bot, committed by Gitee

!1311 Fix CVE-2023-2860

Merge Pull Request from: @ziyang-xuan 
 
The SRv6 layer allows defining HMAC data that can later be used to sign IPv6 Segment Routing Headers.
Because the SECRETLEN attribute is decoupled from the actual length of the SECRET attribute, it is possible to provide invalid combinations (e.g., secret = "", secretlen = 64). This case is not checked in the code and with an appropriately crafted netlink message, an out-of-bounds read of up to 64 bytes (max secret length) can occur past the skb end pointer and into skb_shared_info.
 
Link: https://gitee.com/openeuler/kernel/pulls/1311

 

Reviewed-by: Yue Haibing <yuehaibing@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
parents bd71d79e 4aff8239
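
The length mismatch described in the commit message, modelled in userspace C as an added example (not code from this commit or from the kernel). `attr_view`, `hmac_info`, `store` and the `set_hmac_*` functions are hypothetical names, and the marker bytes are constructed stand-ins for adjacent memory.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define SECRET_MAX 64 /* max secret length, per the commit message */

/* Hypothetical model: payload pointer plus payload bytes actually present. */
struct attr_view { const unsigned char *data; size_t len; };
struct hmac_info { unsigned char secret[SECRET_MAX]; uint8_t slen; };

static int store(struct hmac_info *h, struct attr_view s, uint8_t slen)
{
    memset(h->secret, 0, sizeof(h->secret));
    memcpy(h->secret, s.data, slen);
    h->slen = slen;
    return 0;
}

/* Unchecked: trusts SECRETLEN alone, so when slen > s.len it copies
 * whatever bytes follow the SECRET payload. */
int set_hmac_unchecked(struct hmac_info *h, struct attr_view s, uint8_t slen)
{
    return slen > SECRET_MAX ? -EINVAL : store(h, s, slen);
}

/* Checked: SECRETLEN must also fit inside the SECRET attribute. */
int set_hmac_checked(struct hmac_info *h, struct attr_view s, uint8_t slen)
{
    if (slen > SECRET_MAX || slen > s.len)
        return -EINVAL;
    return store(h, s, slen);
}

/* Constructed input: an empty SECRET pointing at 64 marker bytes held in
 * one array, so the demo stays in bounds. Returns marker bytes copied. */
int leaked_with_empty_secret(void)
{
    unsigned char adjacent[SECRET_MAX];
    struct hmac_info h;
    struct attr_view secret = { adjacent, 0 }; /* secret = "" */
    int i, n = 0;
    memset(adjacent, 0xAA, sizeof(adjacent));
    if (set_hmac_unchecked(&h, secret, 64))    /* secretlen = 64 */
        return -1;
    for (i = 0; i < SECRET_MAX; i++)
        n += (h.secret[i] == 0xAA);
    return n;
}

int main(void) { return leaked_with_empty_secret() == SECRET_MAX ? 0 : 1; }
```

With the empty secret and a claimed length of 64, the unchecked form stores all 64 marker bytes as key material, while the checked form returns `-EINVAL` for the same input.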