| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241128183509.23236-1-n.zhandarovich@fintech.ru> Date: Thu, 28 Nov 2024 10:35:08 -0800 From: Nikita Zhandarovich <n.zhandarovich@...tech.ru> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Sasha Levin <sashal@...nel.org>, <stable@...r.kernel.org> CC: Nikita Zhandarovich <n.zhandarovich@...tech.ru>, Boris Pismenny <borisp@...dia.com>, John Fastabend <john.fastabend@...il.com>, "Daniel Borkmann" <daniel@...earbox.net>, Jakub Kicinski <kuba@...nel.org>, "David S. Miller" <davem@...emloft.net>, <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <lvc-project@...uxtesting.org> Subject: [PATCH 5.4/5.10/5.15 0/1] Backport fix for CVE-2023-1075 This patch addresses an issue of type confusion in tls_is_tx_ready(), as a check for NULL of list_first_entry() return value is wrong. This issue has been given a CVE entry CVE-2023-1075 [1] and is still present in several stable branches. As the flawed function tls_is_tx_ready() is named is_tx_ready() and is situated in another file (specifically, include/net/tls.h) in older kernel versions, fix the error there instead. This adapted backport can be cleanly applied to 5.4, 5.10 and 5.15 branches. [PATCH 5.4/5.10/5.15 1/1] net/tls: tls_is_tx_ready() checked list_entry Use list_first_entry_or_null() instead of list_entry() to properly check for empty lists. Fixes [1]. [1] https://nvd.nist.gov/vuln/detail/cve-2023-1075 [2] https://github.com/torvalds/linux/commit/ffe2a22562444720b05bdfeb999c03e810d84cbb
Powered by blists - more mailing lists