| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANn89i+zVr6RwHPgDLcqovYXYwXHA_zHZ8i_1fq0idsN83MHuQ@mail.gmail.com>
Date: Sun, 9 Nov 2025 01:30:20 -0800
From: Eric Dumazet <edumazet@...gle.com>
To: Ranganath V N <vnranganath.20@...il.com>
Cc: davem@...emloft.net, david.hunter.linux@...il.com, horms@...nel.org,
jhs@...atatu.com, jiri@...nulli.us, khalid@...nel.org, kuba@...nel.org,
pabeni@...hat.com, xiyou.wangcong@...il.com, linux-kernel@...r.kernel.org,
netdev@...r.kernel.org, skhan@...uxfoundation.org,
syzbot+0c85cae3350b7d486aee@...kaller.appspotmail.com
Subject: Re: [PATCH net v4 1/2] net: sched: act_connmark: initialize struct
tc_ife to fix kernel leak
On Sun, Nov 9, 2025 at 1:13 AM Ranganath V N <vnranganath.20@...il.com> wrote:
>
> In tcf_connmark_dump(), the variable 'opt' was partially initialized using a
> designatied initializer. While the padding bytes are reamined
> uninitialized. nla_put() copies the entire structure into a
> netlink message, these uninitialized bytes leaked to userspace.
>
> Initialize the structure with memset before assigning its fields
> to ensure all members and padding are cleared prior to beign copied.
>
> Reported-by: syzbot+0c85cae3350b7d486aee@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=0c85cae3350b7d486aee
> Tested-by: syzbot+0c85cae3350b7d486aee@...kaller.appspotmail.com
> Fixes: 22a5dc0e5e3e ("net: sched: Introduce connmark action")
> Signed-off-by: Ranganath V N <vnranganath.20@...il.com>
> ---
Reviewed-by: Eric Dumazet <edumazet@...gle.com>
Powered by blists - more mailing lists