lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: 
 <175675920849.3877324.13775233533723046808.git-patchwork-notify@kernel.org>
Date: Mon, 01 Sep 2025 20:40:08 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Simon Wunderlich <sw@...onwunderlich.de>
Cc: davem@...emloft.net, kuba@...nel.org, netdev@...r.kernel.org,
 b.a.t.m.a.n@...ts.open-mesh.org, stanislav.fort@...le.com,
 stable@...r.kernel.org, disclosure@...le.com, sven@...fation.org
Subject: Re: [PATCH net 1/1] batman-adv: fix OOB read/write in network-coding
 decode

Hello:

This patch was applied to netdev/net.git (main)
by Simon Wunderlich <sw@...onwunderlich.de>:

On Mon,  1 Sep 2025 18:15:46 +0200 you wrote:
> From: Stanislav Fort <stanislav.fort@...le.com>
> 
> batadv_nc_skb_decode_packet() trusts coded_len and checks only against
> skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing
> payload headroom, and the source skb length is not verified, allowing an
> out-of-bounds read and a small out-of-bounds write.
> 
> [...]

Here is the summary with links:
  - [net,1/1] batman-adv: fix OOB read/write in network-coding decode
    https://git.kernel.org/netdev/net/c/d77b6ff0ce35

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ