+2
−0
+7
−1
Loading
stable inclusion from stable-v6.6.68 commit 935caf324b445fe73d7708fae6f7176fb243f357 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBJC6V CVE: CVE-2024-47408 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=935caf324b445fe73d7708fae6f7176fb243f357 -------------------------------- [ Upstream commit 9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad ] When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_offset exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the value of smcd_v2_ext_offset before using it. Fixes: 5c21c4cc ("net/smc: determine accepted ISM devices") Signed-off-by:Guangguan Wang <guangguan.wang@linux.alibaba.com> Reviewed-by:
Wen Gu <guwen@linux.alibaba.com> Reviewed-by:
D. Wythe <alibuda@linux.alibaba.com> Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
Sasha Levin <sashal@kernel.org> Signed-off-by:
Wang Liang <wangliang74@huawei.com>