Commit c2b03af4 authored by Jeimon's avatar Jeimon Committed by Wang Hai
Browse files

net/nfc/rawsock.c: fix a permission check bug 

stable inclusion
from stable-v4.19.195
commit ec72482564ff99c6832d33610d9f8ab7ecc81b6d
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9R4JW
CVE: CVE-2021-47285

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ec72482564ff99c6832d33610d9f8ab7ecc81b6d



--------------------------------

[ Upstream commit 8ab78863 ]

The function rawsock_create() calls a privileged function sk_alloc(), which requires a ns-aware check to check net->user_ns, i.e., ns_capable(). However, the original code checks the init_user_ns using capable(). So we replace the capable() with ns_capable().

Signed-off-by: default avatarJeimon <jjjinmeng.zhou@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarWang Hai <wanghai38@huawei.com>
parent 196331cd
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment