| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250131082747.4101-1-arefev@swemel.ru> Date: Fri, 31 Jan 2025 11:27:36 +0300 From: Denis Arefev <arefev@...mel.ru> To: stable@...r.kernel.org, Greg Kroah-Hartman <gregkh@...uxfoundation.org> Cc: "Michael S. Tsirkin" <mst@...hat.com>, Jason Wang <jasowang@...hat.com>, "David S. Miller" <davem@...emloft.net>, Willem de Bruijn <willemb@...gle.com>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, virtualization@...ts.linux-foundation.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, lvc-project@...uxtesting.org Subject: [PATCH 5.10 0/5] net: Backport fix for CVE-2024-43817 Link: https://nvd.nist.gov/vuln/detail/cve-2024-43817 [PATCH 5.10 1/5] net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation [PATCH 5.10 2/5] net: drop bad gso csum_start and offset in virtio_net_hdr [PATCH 5.10 3/5] net: tighten bad gso csum offset check in virtio_net_hdr [PATCH 5.10 4/5] net: add more sanity check in virtio_net_hdr_to_skb() [PATCH 5.10 5/5] net: test for not too small csum_start in The bug has been fixed "silently" in upstream with the following series of 5 commits. 49d14b54a527 net: test for not too small csum_start in virtio_net_hdr_to_skb() 6513eb3d3191 net: tighten bad gso csum offset check in virtio_net_hdr 89add40066f9 net: drop bad gso csum_start and offset in virtio_net_hdr 9181d6f8a2bb net: add more sanity check in virtio_net_hdr_to_skb() fc8b2a619469 net: more strict VIRTIO_NET_HDR_GSO_UDP_L4 validation
Powered by blists - more mailing lists