Re: Cherry-pick request to fix CVE-2022-0886 in v5.10 and v5.4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Mar 22, 2022 at 9:53 AM Vaibhav Rustagi
<vaibhavrustagi@xxxxxxxxxx> wrote:
>
> On Tue, Mar 22, 2022 at 2:04 AM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> >
> > On Mon, Mar 21, 2022 at 06:49:02PM -0700, Vaibhav Rustagi wrote:
> > > Hi Greg,
> > >
> > > To fix CVE-2022-0886 in v5.10 and v5.4, we need to cherry-pick the
> > > commit "esp: Fix possible buffer overflow in ESP transformation"
> > > (ebe48d368e97d007bfeb76fcb065d6cfc4c96645). The commit didn't apply
> > > cleanly in v5.10 and v5.4 and therefore, patches for both the kernel
> > > versions are attached.
> > >
> > > In order to backport the original commit, following changes are done:
> > >
> > >  - v5.10:
> > >     - "SKB_FRAG_PAGE_ORDER" declaration is moved from
> > > "net/core/sock.c" to "include/net/sock.c"
> >
> > Did you see that this is already in the 5.10 queue and out for review
> > right now?  Can you verify that the backport there matches yours?
> >
>
> I was not aware that I could check that. Thanks for the hint.
>
> The change is not exactly identical. In addition to the change
> mentioned in https://www.spinics.net/lists/stable/msg542796.html, I
> have also removed following from "net/core/sock.c":
>
> -#define SKB_FRAG_PAGE_ORDER get_order(32768)
>
> This is done because "net/core/sock.c" includes "include/net/sock.h"
> which defined the MACRO.
>
> > >  - v5.4:
> > >     - "SKB_FRAG_PAGE_ORDER" declaration is moved from
> > > "net/core/sock.c" to "include/net/sock.c"
> > >     - Ignore changes introduced due to `xfrm: add support for UDPv6
> > > encapsulation of ESP` in esp6_output_head()
> >
> > Thanks for this one, I'll queue it up after this next round of releases.
> > What about 4.14 and 4.19?  Will this backport work there?  If not, can
> > you provide a working one?
> >
>
> I haven't tested the change in v4.14 and v4.19. I will check out those
> trees and check whether the current patch will work or not.
>

The changes for v4.14 and v4.19 are the same as what is sent for v5.4.
However, the v5.4 patch didn't apply cleanly and I have attached
patches for v4.14 (tested build on v4.14.272) and v4.19 (tested build
on v4.19.235).

> > thanks,
> >
> > greg k-h
>
> Regards,
> Vaibhav

Attachment: 4-14-esp-Fix-possible-buffer-overflow-in-ESP-transformati.patch
Description: Binary data

Attachment: 4-19-esp-Fix-possible-buffer-overflow-in-ESP-transformati.patch
Description: Binary data

[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux