Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote: > The problem is that we always copy a minimum of ETH_ZLEN (60) bytes from > skb->data even when skb->len is less than ETH_ZLEN so it leads to a read > overflow. > > The fix is to pad skb->data to at least ETH_ZLEN bytes. > > Cc: <stable@xxxxxxxxxxxxxxx> > Reported-by: Hu Jiahui <kirin.say@xxxxxxxxx> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx> Patch applied to wireless-drivers-next.git, thanks. 11e7a91994c2 airo: Fix read overflows sending packets -- https://patchwork.kernel.org/patch/11573765/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
