Hi Greg,
To fix CVE-2022-0886 in v5.10 and v5.4, we need to cherry-pick the
commit "esp: Fix possible buffer overflow in ESP transformation"
(ebe48d368e97d007bfeb76fcb065d6cfc4c96645). The commit didn't apply
cleanly in v5.10 and v5.4 and therefore, patches for both the kernel
versions are attached.
In order to backport the original commit, following changes are done:
- v5.10:
- "SKB_FRAG_PAGE_ORDER" declaration is moved from
"net/core/sock.c" to "include/net/sock.c"
- v5.4:
- "SKB_FRAG_PAGE_ORDER" declaration is moved from
"net/core/sock.c" to "include/net/sock.c"
- Ignore changes introduced due to `xfrm: add support for UDPv6
encapsulation of ESP` in esp6_output_head()
Can you help in cherry-picking the commit to above stable branches?
Thanks,
Vaibhav
Attachment:
5-4-esp-Fix-possible-buffer-overflow-in-ESP-transformati.patch
Description: Binary data
Attachment:
5-10-esp-Fix-possible-buffer-overflow-in-ESP-transformati.patch
Description: Binary data
