On Mon, 2024-05-20 at 16:53 +0800, ye.xingchen@xxxxxxxxxx wrote: > From: YeXingchen <ye.xingchen@xxxxxxxxxx> > > The CVE-1999-0524 vulnerability is associated with ICMP > timestamp messages, which can be exploited to conduct > a denial-of-service (DoS) attack. In the Vulnerability > Priority Rating (VPR) system, this vulnerability was > rated as a medium risk in May of this year. > Link:https://www.tenable.com/plugins/nessus/10113 > > To protect embedded systems that cannot run firewalls > from attacks exploiting the CVE-1999-0524 vulnerability, > the icmp_timestamp_ignore_all sysctl is offered as > an easy solution, which allows all ICMP timestamp > messages to be ignored, effectively bypassing the > potential exploitation through the CVE-1999-0524 > vulnerability. It enables these resource-constrained > systems to disregard all ICMP timestamp messages, > preventing potential DoS attacks, making it an ideal > lightweight solution for such environments. > > Signed-off-by: YeXingchen <ye.xingchen@xxxxxxxxxx> > Reviewed-by: xu xin <xu.xin16@xxxxxxxxxx> > Reviewed-by: zhang yunkai <zhang.yunkai@xxxxxxxxxx> > Reviewed-by: Fan Yu <fan.yu9@xxxxxxxxxx> > CC: he peilin <he.peilin@xxxxxxxxxx> > Cc: Yang Yang <yang.yang29@xxxxxxxxxx> > Cc: Yang Guang <yang.guang5@xxxxxxxxxx> ## Form letter - net-next-closed The merge window for v6.10 has begun and we have already posted our pull request. Therefore net-next is closed for new drivers, features, code refactoring and optimizations. We are currently accepting bug fixes only. Please repost when net-next reopens after May 26th. RFC patches sent for review only are obviously welcome at any time. See: https://www.kernel.org/doc/html/next/process/maintainer-netdev.html#development-cycle
