NACK: [PATCH 0/1][OEM-5.6, OEM-5.10] CVE-2021-29646: tipc data size check
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Thu Apr 8 20:26:13 UTC 2021
On Thu, Apr 08, 2021 at 01:53:53PM -0600, Tim Gardner wrote:
> This patch is already in Hirsute:linux
>
> Introduced by e1f32190cf7ddd55778b460e7d44af3f76529698 v5.5
> Fixed by 0217ed2848e8538bcf9172d97ed2eeb4a26041bb v5.12
>
> [SRU Justification]
>
> An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key
> in net/tipc/node.c does not properly validate certain data sizes, aka
> CID-0217ed2848e8.
>
> [Test Plan]
> None. Caught by Syzbot fuzzing.
>
> [Where problems could occur]
> User input could be erroneously rejected.
>
> [Other Info]
> Released in stable kernels:
> linux-5.10.y
> linux-5.11.y
Hi, Tim.
This also affects groovy 5.8 kernels. Can you please resend it?
Thanks.
Cascardo.
More information about the kernel-team
mailing list