APPLIED [OEM-5.10] Re: [PATCH 0/1 v3][focal:linux-oem-5.6, focal:linux-oem-5.10, groovy:linux] CVE-2021-29646: tipc data size check
Timo Aaltonen
tjaalton at ubuntu.com
Tue Apr 20 09:54:39 UTC 2021
On 9.4.2021 0.01, Tim Gardner wrote:
> v2 - Include groovy:linux
> v3 - include CVE-2021-29646 in patch
>
> This patch is already in Hirsute:linux
>
> Introduced by e1f32190cf7ddd55778b460e7d44af3f76529698 v5.5
> Fixed by 0217ed2848e8538bcf9172d97ed2eeb4a26041bb v5.12
>
> [SRU Justification]
>
> An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key
> in net/tipc/node.c does not properly validate certain data sizes, aka
> CID-0217ed2848e8.
>
> [Test Plan]
> None. Caught by Syzbot fuzzing.
>
> [Where problems could occur]
> User input could be erroneously rejected.
>
> [Other Info]
> Released in stable kernels:
> linux-5.10.y
> linux-5.11.y
>
>
>
Hi, this one is in 5.10.27
--
t
More information about the kernel-team
mailing list