android/android_kernel_samsung_sm8650
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Kernel for Galaxy S24, rebased on CLO sources (WIP)
1,147,603 Commits 2 Branches 0 Tags 3.3 GiB
C 97.8%
Assembly 1.1%
Shell 0.4%
Makefile 0.3%
Python 0.1%
a442cd1701
Go to file
Lin Ma a442cd1701 xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH 
[ Upstream commit 5e2424708da7207087934c5c75211e8584d553a0 ]

The previous commit 4e484b3e96 ("xfrm: rate limit SA mapping change
message to user space") added one additional attribute named
XFRMA_MTIMER_THRESH and described its type at compat_policy
(net/xfrm/xfrm_compat.c).

However, the author forgot to also describe the nla_policy at
xfrma_policy (net/xfrm/xfrm_user.c). Hence, this suppose NLA_U32 (4
bytes) value can be faked as empty (0 bytes) by a malicious user, which
leads to 4 bytes overflow read and heap information leak when parsing
nlattrs.

To exploit this, one malicious user can spray the SLUB objects and then
leverage this 4 bytes OOB read to leak the heap data into
x->mapping_maxage (see xfrm_update_ae_params(...)), and leak it to
userspace via copy_to_user_state_extra(...).

The above bug is assigned CVE-2023-3773. To fix it, this commit just
completes the nla_policy description for XFRMA_MTIMER_THRESH, which
enforces the length check and avoids such OOB read.

Fixes: 4e484b3e96 ("xfrm: rate limit SA mapping change message to user space")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-08-23 17:52:32 +02:00
arch powerpc/rtas_flash: allow user copy to flash block cache objects 2023-08-23 17:52:30 +02:00
block blk-mq: Fix stall due to recursive flush plug 2023-08-03 10:23:48 +02:00
certs certs: Fix build error when PKCS#11 URI contains semicolon 2023-02-09 11:28:11 +01:00
crypto crypto: jitter - correct health test during initialization 2023-07-19 16:21:42 +02:00
Documentation iommu/amd: Introduce Disable IRTE Caching Support 2023-08-23 17:52:21 +02:00
drivers i2c: designware: Handle invalid SMBus block data response length value 2023-08-23 17:52:31 +02:00
fs btrfs: fix BUG_ON condition in btrfs_cancel_balance 2023-08-23 17:52:31 +02:00
include KVM: arm64: vgic-v4: Make the doorbell request robust w.r.t preemption 2023-08-23 17:52:28 +02:00
init x86/mm: Initialize text poking earlier 2023-08-08 20:03:49 +02:00
io_uring io_uring: correct check for O_TMPFILE 2023-08-16 18:27:24 +02:00
ipc ipc: fix memory leak in init_mqueue_fs() 2022-12-31 13:32:01 +01:00
kernel ring-buffer: Do not swap cpu_buffer during resize process 2023-08-23 17:52:27 +02:00
lib debugobjects: Recheck debug_objects_enabled before reporting 2023-08-11 12:08:23 +02:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm zsmalloc: fix races between modifications of fullness and isolated 2023-08-23 17:52:17 +02:00
net xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH 2023-08-23 17:52:32 +02:00
rust rust: allocator: Prevent mis-aligned allocation 2023-08-11 12:08:18 +02:00
samples samples: ftrace: Save required argument registers in sample trampolines 2023-07-23 13:49:44 +02:00
scripts gcc-plugins: Reorganize gimple includes for GCC 13 2023-08-16 18:27:20 +02:00
security security: keys: Modify mismatched function name 2023-07-27 08:50:43 +02:00
sound ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V 2023-08-23 17:52:26 +02:00
tools selftests: forwarding: tc_actions: Use ncat instead of nc 2023-08-23 17:52:18 +02:00
usr usr/gen_init_cpio.c: remove unnecessary -1 values from int file 2022-10-03 14:21:44 -07:00
virt KVM: Grab a reference to KVM for VM and vCPU stats file descriptors 2023-08-03 10:24:08 +02:00
.clang-format inet: ping: use hlist_nulls rcu iterator during lookup 2022-12-01 12:42:46 +01:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
.mailmap 9 hotfixes. 6 for MM, 3 for other areas. Four of these patches address 2022-12-10 17:10:52 -08:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Remove Michal Marek from Kbuild maintainers 2022-11-16 14:53:00 +09:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS smb: move client and server files to common directory fs/smb 2023-06-28 11:12:40 +02:00
Makefile Linux 6.1.46 2023-08-16 18:27:31 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.