This is a note to let you know that I've just added the patch titled vxlan: correctly validate VXLAN ID against VXLAN_N_VID to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: vxlan-correctly-validate-vxlan-id-against-vxlan_n_vid.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From foo@baz Sat Mar 18 22:03:25 CST 2017 From: Matthias Schiffer <mschiffer@xxxxxxxxxxxxxxxxxxxx> Date: Thu, 23 Feb 2017 17:19:41 +0100 Subject: vxlan: correctly validate VXLAN ID against VXLAN_N_VID From: Matthias Schiffer <mschiffer@xxxxxxxxxxxxxxxxxxxx> [ Upstream commit 4e37d6911f36545b286d15073f6f2222f840e81c ] The incorrect check caused an off-by-one error: the maximum VID 0xffffff was unusable. Fixes: d342894c5d2f ("vxlan: virtual extensible lan") Signed-off-by: Matthias Schiffer <mschiffer@xxxxxxxxxxxxxxxxxxxx> Acked-by: Jiri Benc <jbenc@xxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/net/vxlan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -2637,7 +2637,7 @@ static int vxlan_validate(struct nlattr if (data[IFLA_VXLAN_ID]) { __u32 id = nla_get_u32(data[IFLA_VXLAN_ID]); - if (id >= VXLAN_VID_MASK) + if (id >= VXLAN_N_VID) return -ERANGE; } Patches currently in stable-queue which might be from mschiffer@xxxxxxxxxxxxxxxxxxxx are queue-4.9/vxlan-correctly-validate-vxlan-id-against-vxlan_n_vid.patch