From faa49504c47a58dfe23e7b478c964e12ea86efb8 Mon Sep 17 00:00:00 2001
From: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Date: Mon, 1 Jan 2024 20:34:20 +0530
Subject: Update to internal 1-1.14

Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
---
 .../linux/linux-aspeed/CVE-2023-2156.patch         | 39 ++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-2156.patch

(limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-2156.patch')

diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-2156.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-2156.patch
new file mode 100644
index 000000000..3ab2ef7c0
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2023-2156.patch
@@ -0,0 +1,39 @@
+From 4e006c7a6dac0ead4c1bf606000aa90a372fc253 Mon Sep 17 00:00:00 2001
+From: Alexander Aring <aahringo@redhat.com>
+Date: Mon, 17 Apr 2023 09:00:52 -0400
+Subject: [PATCH] net: rpl: fix rpl header size calculation
+
+This patch fixes a missing 8 byte for the header size calculation. The
+ipv6_rpl_srh_size() is used to check a skb_pull() on skb->data which
+points to skb_transport_header(). Currently we only check on the
+calculated addresses fields using CmprI and CmprE fields, see:
+
+https://www.rfc-editor.org/rfc/rfc6554#section-3
+
+there is however a missing 8 byte inside the calculation which stands
+for the fields before the addresses field. Those 8 bytes are represented
+by sizeof(struct ipv6_rpl_sr_hdr) expression.
+
+Fixes: 8610c7c6e3bd ("net: ipv6: add support for rpl sr exthdr")
+Signed-off-by: Alexander Aring <aahringo@redhat.com>
+Reported-by: maxpl0it <maxpl0it@protonmail.com>
+Reviewed-by: David Ahern <dsahern@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/ipv6/rpl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/ipv6/rpl.c b/net/ipv6/rpl.c
+index 488aec9e1a74f3..d1876f19222552 100644
+--- a/net/ipv6/rpl.c
++++ b/net/ipv6/rpl.c
+@@ -32,7 +32,8 @@ static void *ipv6_rpl_segdata_pos(const struct ipv6_rpl_sr_hdr *hdr, int i)
+ size_t ipv6_rpl_srh_size(unsigned char n, unsigned char cmpri,
+ 			 unsigned char cmpre)
+ {
+-	return (n * IPV6_PFXTAIL_LEN(cmpri)) + IPV6_PFXTAIL_LEN(cmpre);
++	return sizeof(struct ipv6_rpl_sr_hdr) + (n * IPV6_PFXTAIL_LEN(cmpri)) +
++		IPV6_PFXTAIL_LEN(cmpre);
+ }
+ 
+ void ipv6_rpl_srh_decompress(struct ipv6_rpl_sr_hdr *outhdr,
-- 
cgit v1.2.3