[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5be7712f.ead00.1899266e0a1.Coremail.linma@zju.edu.cn>
Date: Wed, 26 Jul 2023 21:32:43 +0800 (GMT+08:00)
From: "Lin Ma" <linma@....edu.cn>
To: "Leon Romanovsky" <leon@...nel.org>
Cc: steffen.klassert@...unet.com, herbert@...dor.apana.org.au,
davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v1] xfrm: add forgotten nla_policy for
XFRMA_MTIMER_THRESH
Hello Leon,
>
> This CVE is a joke, you need to be root to execute this attack.
>
Not really, this call routine only checks
if (!netlink_net_capable(skb, CAP_NET_ADMIN))
return -EPERM;
and any users in most vendor kernel can create a network namespace to
get such privilege and trigger this bug.
> Anyway change is ok.
> Reviewed-by: Leon Romanovsky <leonro@...dia.com>
Regards
Lin
Powered by blists - more mailing lists