Commit 78dc7fa3 authored by Wander Lairson Costa's avatar Wander Lairson Costa Committed by Zhengchao Shao
Browse files

netfilter: xt_sctp: validate the flag_info count 

stable inclusion
from stable-v4.19.295
commit f25dbfadaf525d854597c16420dd753ca47b9396
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I85CAQ
CVE: CVE-2023-39193

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f25dbfadaf525d854597c16420dd753ca47b9396



--------------------------------

commit e9947649 upstream.

sctp_mt_check doesn't validate the flag_count field. An attacker can
take advantage of that to trigger a OOB read and leak memory
information.

Add the field validation in the checkentry function.

Fixes: 2e4e6a17 ("[NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables")
Cc: stable@vger.kernel.org
Reported-by: default avatarLucas Leong <wmliang@infosec.exchange>
Signed-off-by: default avatarWander Lairson Costa <wander@redhat.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarZhengchao Shao <shaozhengchao@huawei.com>
parent 516534e8
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment