NACK: [PATCH 0/1 v2][focal:linux-oem-5.6, focal:linux-oem-5.10, groovy:linux] CVE-2021-29646: tipc data size check
Tim Gardner
tim.gardner at canonical.com
Thu Apr 8 20:58:05 UTC 2021
Forgot CVE
On 4/8/21 2:43 PM, Tim Gardner wrote:
> v2 - Include groovy:linux
>
> This patch is already in Hirsute:linux
>
> Introduced by e1f32190cf7ddd55778b460e7d44af3f76529698 v5.5
> Fixed by 0217ed2848e8538bcf9172d97ed2eeb4a26041bb v5.12
>
> [SRU Justification]
>
> An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key
> in net/tipc/node.c does not properly validate certain data sizes, aka
> CID-0217ed2848e8.
>
> [Test Plan]
> None. Caught by Syzbot fuzzing.
>
> [Where problems could occur]
> User input could be erroneously rejected.
>
> [Other Info]
> Released in stable kernels:
> linux-5.10.y
> linux-5.11.y
>
>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list