[PATCH 0/2] Backport commits for CVE-2016-8645

Dan Streetman dan.streetman at canonical.com
Tue May 2 16:43:14 UTC 2017

The second commit provides the fix for CVE-2016-8645, while the first
commit only updates sk_filter() to introduce sk_filter_trim_cap() which
is used by the second commit.

The CVE issue is the tcp stack does not expect truncation of filtered
packets; the second commit limits the amount of truncation and updates

Note also that the first (prereq only) commit is only partially backported;
it also included a change to net/rose/rose_in.c, but that is not required
for this CVE, and so I left it out of the backport patch.

Eric Dumazet (1):
  tcp: take care of truncations done by sk_filter()

Willem de Bruijn (1):
  rose: limit sk_filter trim to payload

 include/linux/filter.h |  7 ++++++-
 include/net/tcp.h      |  1 +
 net/core/filter.c      |  9 +++++----
 net/ipv4/tcp_ipv4.c    | 19 ++++++++++++++++++-
 net/ipv6/tcp_ipv6.c    |  6 ++++--
 5 files changed, 34 insertions(+), 8 deletions(-)


More information about the kernel-team mailing list