Hello: This patch was applied to netdev/net.git (master) by David S. Miller <davem@xxxxxxxxxxxxx>: On Fri, 15 Apr 2022 10:08:41 +0200 you wrote: > Given a sufficiently large number of actions, while copying and > reserving memory for a new action of a new flow, if next_offset is > greater than MAX_ACTIONS_BUFSIZE, the function reserve_sfa_size() does > not return -EMSGSIZE as expected, but it allocates MAX_ACTIONS_BUFSIZE > bytes increasing actions_len by req_size. This can then lead to an OOB > write access, especially when further actions need to be copied. > > [...] Here is the summary with links: - openvswitch: fix OOB access in reserve_sfa_size() https://git.kernel.org/netdev/net/c/cefa91b2332d You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html