| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <69678775.050a0220.398fa7.000d.GAE@google.com> Date: Wed, 14 Jan 2026 04:09:25 -0800 From: syzbot <syzbot+619b9ef527f510a57cfc@...kaller.appspotmail.com> To: linux-kernel@...r.kernel.org Subject: Forwarded: [PATCH] net: skbuff: fix uninitialized memory use in pskb_expand_head() For archival purposes, forwarding an incoming command email to linux-kernel@...r.kernel.org. *** Subject: [PATCH] net: skbuff: fix uninitialized memory use in pskb_expand_head() Author: sohammetha01@...il.com pskb_expand_head() allocates a new skb data buffer using kmalloc_reserve(), which does not initialize memory. skb helpers may later copy or move padding bytes from the buffer. Initialize the newly allocated skb buffer to avoid propagating uninitialized memory. Reported-by: syzbot+619b9ef527f510a57cfc@...kaller.appspotmail.com Signed-off-by: Soham Metha <sohammetha01@...il.com> --- #syz test net/core/skbuff.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/core/skbuff.c b/net/core/skbuff.c index a56133902c0d..b658dcbe0698 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -2280,6 +2280,7 @@ int pskb_expand_head(struct sk_buff *skb, int nhead, int ntail, gfp_mask |= __GFP_MEMALLOC; data = kmalloc_reserve(&size, gfp_mask, NUMA_NO_NODE, NULL); if (!data) goto nodata; + memset(data, 0, size); size = SKB_WITH_OVERHEAD(size); -- 2.34.1
Powered by blists - more mailing lists