| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251104120313.1306566-1-razor@blackwall.org>
Date: Tue, 4 Nov 2025 14:03:11 +0200
From: Nikolay Aleksandrov <razor@...ckwall.org>
To: netdev@...r.kernel.org
Cc: tobias@...dekranz.com,
idosch@...dia.com,
kuba@...nel.org,
davem@...emloft.net,
bridge@...ts.linux.dev,
pabeni@...hat.com,
edumazet@...gle.com,
horms@...nel.org,
Nikolay Aleksandrov <razor@...ckwall.org>
Subject: [PATCH net 0/2] net: bridge: fix use-after-free due to MST port state bypass
Hi,
Patch 01 fixes a race condition that exists between expired fdb deletion
and port deletion when MST is enabled. Learning can happen after the
port's state has been changed to disabled which could lead to that
port's memory being used after it's been freed. The issue was reported
by syzbot, more information in patch 01. Patch 02 adds a selftest to
make sure port state bypass doesn't happen when we have VLAN filtering
disabled, regardless of MST state.
Thanks,
Nik
Nikolay Aleksandrov (2):
net: bridge: fix use-after-free due to MST port state bypass
selftests: forwarding: bridge: add a state bypass with disabled VLAN
filtering test
net/bridge/br_mst.c | 18 +++++++---
net/bridge/br_private.h | 5 +++
net/bridge/br_vlan.c | 1 +
.../net/forwarding/bridge_vlan_unaware.sh | 35 ++++++++++++++++++-
4 files changed, 53 insertions(+), 6 deletions(-)
--
2.51.0
Powered by blists - more mailing lists