lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250919-portable-rat-of-dew-32b5e9-mkl@pengutronix.de>
Date: Fri, 19 Sep 2025 19:04:39 +0200
From: Marc Kleine-Budde <mkl@...gutronix.de>
To: Vincent Mailhol <mailhol@...nel.org>
Cc: Oliver Hartkopp <socketcan@...tkopp.net>, 
	Arunachalam Santhanam <arunachalam.santhanam@...bosch.com>, Akshay Bhat <akshay.bhat@...esys.com>, 
	Wolfgang Grandegger <wg@...ndegger.com>, Chen-Yu Tsai <wens@...e.org>, 
	Jernej Skrabec <jernej.skrabec@...il.com>, Samuel Holland <samuel@...lland.org>, 
	Maxime Ripard <mripard@...nel.org>, Gerhard Bertelsmann <info@...hard-bertelsmann.de>, 
	Yasushi SHOJI <yashi@...cecubics.com>, 
	Remigiusz Kołłątaj <remigiusz.kollataj@...ica.com>, linux-can@...r.kernel.org, linux-kernel@...r.kernel.org, 
	linux-arm-kernel@...ts.infradead.org, linux-sunxi@...ts.linux.dev
Subject: Re: [PATCH 0/4] can: populate ndo_change_mtu() to prevent buffer
 overflow

On 18.09.2025 18:00:23, Vincent Mailhol wrote:
> Four drivers, namely etas_es58x, hi311x, sun4i_can and mcba_usb forgot
> to populate their net_device_ops->ndo_change_mtu(). Because of that,
> the user is free to configure any MTU on these interfaces.
> 
> This can be abused by an attacker who could craft some skbs and send
> them through PF_PACKET to perform a buffer overflow of up to 247 bytes
> in each of these drivers.
> 
> This series contains four patches, one for each of the drivers, to add
> the missing ndo_change_mtu() callback. The descriptions contain
> detailed explanations of how the buffer overflow could be triggered.
> 
> Signed-off-by: Vincent Mailhol <mailhol@...nel.org>

Added to linux-can.

Thanks,
Marc

-- 
Pengutronix e.K.                 | Marc Kleine-Budde          |
Embedded Linux                   | https://www.pengutronix.de |
Vertretung Nürnberg              | Phone: +49-5121-206917-129 |
Amtsgericht Hildesheim, HRA 2686 | Fax:   +49-5121-206917-9   |

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ