ACK: [SRU Bionic/Focal/Impish/OEM-5.14/Jammy 0/1] CVE-2022-27666

Stefan Bader stefan.bader at canonical.com
Thu Mar 24 14:28:19 UTC 2022


On 24.03.22 12:14, Thadeu Lima de Souza Cascardo wrote:
> Notice that CVE-2022-0886 is a duplicate of CVE-2022-27666.
> 
> [Impact]
> An unprivileged user can use ESP packets to write to out-of-bounds memory,
> possibly leading to a privilege escalation.
> 
> [Backport]
> I picked up the SKB_FRAG_PAGE_ORDER macro movement from upstream for 5.13 and
> 5.14. It was already present on 5.15. For 5.4 and 4.15, I added the macro myself,
> as did upstream.
> 
> [Test case]
> A syzkaller reproducer was tested and shown to be fixed, except for 4.15,
> where the reproducer didn't work.
> 
> [Potential impact]
> VHOST and ESP use may be broken by either of the two commits.
> 
> 
> Steffen Klassert (1):
>    esp: Fix possible buffer overflow in ESP transformation
> Yunsheng Lin (1):
>    sock: remove one redundant SKB_FRAG_PAGE_ORDER macro
> 
>   include/net/esp.h  | 2 ++
>   include/net/sock.h | 1 +
>   net/ipv4/esp4.c    | 5 +++++
>   net/ipv6/esp6.c    | 5 +++++
>   4 files changed, 13 insertions(+)
> 

Acked-by: Stefan Bader <stefan.bader at canonical.com>