Merge branch 'tap-tun-harden-by-dropping-short-frame' - kernel/linux.git

diff options

author	Jakub Kicinski <kuba@kernel.org>	2024-07-25 18:07:06 +0300
committer	Jakub Kicinski <kuba@kernel.org>	2024-07-25 18:07:07 +0300
commit	af65ea42bd1d28d818b74b9b3b4f8da7ada9f88b (patch)
tree	0e2b808ca37e42419f7ef7ed1ca78e61a21fef9c /drivers/rtc/rtc-mv.c
parent	61ab751451f5ebd0b98e02276a44e23a10110402 (diff)
parent	049584807f1d797fc3078b68035450a9769eb5c3 (diff)
download	linux-af65ea42bd1d28d818b74b9b3b4f8da7ada9f88b.tar.xz

Merge branch 'tap-tun-harden-by-dropping-short-frame'

Dongli Zhang says: ==================== tap/tun: harden by dropping short frame This is to harden all of tap/tun to avoid any short frame smaller than the Ethernet header (ETH_HLEN). While the xen-netback already rejects short frame smaller than ETH_HLEN ... 914 static void xenvif_tx_build_gops(struct xenvif_queue *queue, 915 int budget, 916 unsigned *copy_ops, 917 unsigned *map_ops) 918 { ... ... 1007 if (unlikely(txreq.size < ETH_HLEN)) { 1008 netdev_dbg(queue->vif->dev, 1009 "Bad packet size: %d\n", txreq.size); 1010 xenvif_tx_err(queue, &txreq, extra_count, idx); 1011 break; 1012 } ... the short frame may not be dropped by vhost-net/tap/tun. This fixes CVE-2024-41090 and CVE-2024-41091. ==================== Link: https://patch.msgid.link/20240724170452.16837-1-dongli.zhang@oracle.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Diffstat (limited to 'drivers/rtc/rtc-mv.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: