| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250801150651.54969a4e@kernel.org>
Date: Fri, 1 Aug 2025 15:06:51 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: maher azz <maherazz04@...il.com>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Jamal Hadi Salim
<jhs@...atatu.com>, Cong Wang <xiyou.wangcong@...il.com>, jiri@...nulli.us,
davem@...emloft.net, Eric Dumazet <edumazet@...gle.com>, pabeni@...hat.com,
Simon Horman <horms@...nel.org>, Ferenc Fejes <fejes@....elte.hu>, Vladimir
Oltean <vladimir.oltean@....com>
Subject: Re: [PATCH v2 net] net/sched: mqprio: fix stack out-of-bounds write
in tc entry parsing
On Tue, 29 Jul 2025 16:39:26 +0100 maher azz wrote:
> From: Maher Azzouzi <maherazz04@...il.com>
>
> TCA_MQPRIO_TC_ENTRY_INDEX is validated using
> NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value
> TC_QOPT_MAX_QUEUE (16). This leads to a 4-byte out-of-bounds stack write in
> the fp[] array, which only has room for 16 elements (0–15).
>
> Fix this by changing the policy to allow only up to TC_QOPT_MAX_QUEUE - 1.
>
> Fixes: f62af20bed2d ("net/sched: mqprio: allow per-TC user input of FP
> adminStatus")
Don't wrap the Fixes tags;
>
no empty lines between tags;
> Signed-off-by: Maher Azzouzi <maherazz04@...il.com>
your email client is corrupting the emails, tabs get replaced with
spaces. Please add the review tag you received from Eric on v1 and
try sending v3 with git send-email?
--
pw-bot: cr
Powered by blists - more mailing lists