On 11/7/2015 2:55 AM, Greg KH wrote: > On Tue, Oct 27, 2015 at 01:50:53AM +0000, Sheng Yong wrote: >> From: Jason Wang <jasowang@xxxxxxxxxx> >> >> commit 48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39 upstream. >> >> virtio declares support for NETIF_F_FRAGLIST, but assumes >> that there are at most MAX_SKB_FRAGS + 2 fragments which isn't >> always true with a fraglist. >> >> A longer fraglist in the skb will make the call to skb_to_sgvec overflow >> the sg array, leading to memory corruption. >> >> Drop NETIF_F_FRAGLIST so we only get what we can handle. >> >> Cc: Michael S. Tsirkin <mst@xxxxxxxxxx> >> Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx> >> Acked-by: Michael S. Tsirkin <mst@xxxxxxxxxx> >> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> >> --- >> drivers/net/virtio_net.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) > > This patch isn't in any stable tree, why just add it to 3.10? What > about all of the other ones? Hi, Greg This patch addresses CVE-2015-5156. I didn't check if other stables added this patch. 3.4.y, 3.14.y and 4.1.y can have this patch directly by cherry-pick. thanks, Sheng > > thanks, > > greg k-h > -- > To unsubscribe from this list: send the line "unsubscribe stable" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > > . > -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html