linux-IllusionX/net
Matthieu Baerts (NGI0) 0201d65d98 mptcp: pm: avoid possible UaF when selecting endp
commit 48e50dcbcb upstream.

select_local_address() and select_signal_address() both select an
endpoint entry from the list inside an RCU protected section, but return
a reference to it, to be read later on. If the entry is dereferenced
after the RCU unlock, reading info could cause a Use-after-Free.

A simple solution is to copy the required info while inside the RCU
protected section to avoid any risk of UaF later. The address ID might
need to be modified later to handle the ID0 case later, so a copy seems
OK to deal with.

Reported-by: Paolo Abeni <pabeni@redhat.com>
Closes: https://lore.kernel.org/45cd30d3-7710-491c-ae4d-a1368c00beb1@redhat.com
Fixes: 01cacb00b3 ("mptcp: add netlink-based PM")
Cc: stable@vger.kernel.org
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-14-38035d40de5b@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-08-29 17:36:12 +02:00
6lowpan net: fill in MODULE_DESCRIPTION()s for 6LoWPAN 2024-02-09 14:12:01 -08:00
9p Two fixes headed to stable trees: 2024-05-29 09:25:15 -07:00
802 net: fill in MODULE_DESCRIPTION()s under net/802* 2023-10-28 11:29:28 +01:00
8021q net: annotate writes on dev->mtu from ndo_change_mtu() 2024-05-07 16:19:14 -07:00
appletalk Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-05-09 10:01:01 -07:00
atm net: change proto and proto_ops accept type 2024-05-13 18:19:09 -06:00
ax25 ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put() 2024-06-01 15:49:42 -07:00
batman-adv Revert "batman-adv: prefer kfree_rcu() over call_rcu() with free-only callbacks" 2024-06-12 20:18:00 +02:00
bluetooth Bluetooth: MGMT: Add error handling to pair_device() 2024-08-29 17:36:06 +02:00
bpf bpf: Set run context for rawtp test_run callback 2024-06-05 09:41:33 +02:00
bridge netfilter: nf_queue: drop packets with cloned unconfirmed conntracks 2024-08-29 17:35:48 +02:00
caif caif: Use UTILITY_NAME_LENGTH instead of hard-coding 16 2024-04-02 18:20:00 -07:00
can net: can: j1939: recover socket queue on CAN bus error during BAM transmission 2024-06-21 10:50:17 +02:00
ceph libceph: fix crush_choose_firstn() kernel-doc warnings 2024-07-11 16:33:07 +02:00
core bpf, net: Use DEV_STAT_INC() 2024-08-19 06:05:38 +02:00
dcb net: dcb: choose correct policy to parse DCB_ATTR_BCN 2023-08-01 21:07:46 -07:00
dccp Fix race for duplicate reqsk on identical SYN 2024-06-25 11:37:45 +02:00
devlink devlink: extend devlink_param *set pointer 2024-04-22 13:05:19 -07:00
dns_resolver Networking changes for 6.8. 2024-01-11 10:07:29 -08:00
dsa net: mscc: ocelot: use ocelot_xmit_get_vlan_info() also for FDMA and register injection 2024-08-29 17:35:56 +02:00
ethernet netkit: Fix pkt_type override upon netkit pass verdict 2024-05-25 10:48:57 -07:00
ethtool ethtool: fix setting key and resetting indir at once 2024-08-11 12:57:51 +02:00
handshake net/handshake: remove redundant assignment to variable ret 2024-04-16 17:14:55 -07:00
hsr Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-05-09 10:01:01 -07:00
ieee802154 tracing/treewide: Remove second parameter of __assign_str() 2024-05-22 20:14:47 -04:00
ife net: sched: ife: fix potential use-after-free 2023-12-15 10:50:18 +00:00
ipv4 udp: fix receiving fraglist GSO packets 2024-08-29 17:36:00 +02:00
ipv6 ipv6: prevent possible UAF in ip6_xmit() 2024-08-29 17:36:00 +02:00
iucv s390/iucv: Fix vargs handling in iucv_alloc_device() 2024-08-29 17:36:01 +02:00
kcm kcm: Serialise kcm_sendmsg() for the same socket. 2024-08-29 17:35:57 +02:00
key net: fill in MODULE_DESCRIPTION()s for af_key 2024-02-09 14:12:01 -08:00
l2tp l2tp: fix lockdep splat 2024-08-14 15:34:04 +02:00
l3mdev
lapb
llc net: change proto and proto_ops accept type 2024-05-13 18:19:09 -06:00
mac80211 wifi: mac80211: fix NULL dereference at band check in starting tx ba session 2024-08-14 15:34:10 +02:00
mac802154 net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() 2024-06-03 11:20:56 +02:00
mctp net: mctp: test: Use correct skb for route input check 2024-08-29 17:35:57 +02:00
mpls net: Remove the now superfluous sentinel elements from ctl_table array 2024-05-03 13:29:41 +01:00
mptcp mptcp: pm: avoid possible UaF when selecting endp 2024-08-29 17:36:12 +02:00
ncsi net/ncsi: Fix the multi thread manner of NCSI driver 2024-06-01 16:21:44 -07:00
netfilter netfilter: flowtable: validate vlan header 2024-08-29 17:36:00 +02:00
netlabel netlabel: fix RCU annotation for IPv4 options on socket creation 2024-05-13 14:58:12 -07:00
netlink netlink: support all extack types in dumps 2024-04-23 10:09:49 -07:00
netrom netrom: Fix a memory leak in nr_heartbeat_expiry() 2024-06-17 13:06:23 +01:00
nfc Quite smaller than usual. Notably it includes the fix for the unix 2024-05-23 12:49:37 -07:00
nsh nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). 2024-04-26 12:20:01 +02:00
openvswitch net: ovs: fix ovs_drop_reasons error 2024-08-29 17:36:01 +02:00
packet af_packet: Handle outgoing VLAN packets without hardware offloading 2024-08-03 09:00:30 +02:00
phonet net: change proto and proto_ops accept type 2024-05-13 18:19:09 -06:00
psample ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
qrtr net: qrtr: ns: Fix module refcnt 2024-05-16 09:47:45 +01:00
rds net: change proto and proto_ops accept type 2024-05-13 18:19:09 -06:00
rfkill net: rfkill: gpio: Convert to platform remove callback returning void 2024-03-25 15:40:22 +01:00
rose net: change proto and proto_ops accept type 2024-05-13 18:19:09 -06:00
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-05-09 10:01:01 -07:00
sched netem: fix return value if duplicate enqueue fails 2024-08-29 17:35:59 +02:00
sctp sctp: Fix null-ptr-deref in reuseport_add_sock(). 2024-08-14 15:34:02 +02:00
smc net/smc: add the max value of fallback reason count 2024-08-14 15:34:03 +02:00
strparser
sunrpc SUNRPC: Fix a race to wake a sync task 2024-08-14 15:34:17 +02:00
switchdev net: bridge: switchdev: Improve error message for port_obj_add/del functions 2024-05-08 12:19:12 +01:00
tipc tipc: Return non-zero value from tipc_udp_addr2str() on error 2024-08-03 09:01:03 +02:00
tls tls: fix missing memory barrier in tls_init 2024-05-23 12:03:26 +02:00
unix af_unix: Don't retry after unix_state_lock_nested() in unix_stream_connect(). 2024-08-14 15:34:09 +02:00
vmw_vsock vsock: fix recursive ->recvmsg calls 2024-08-29 17:35:49 +02:00
wireless wifi: nl80211: don't give key data to userspace 2024-08-14 15:34:10 +02:00
x25 net: change proto and proto_ops accept type 2024-05-13 18:19:09 -06:00
xdp xsk: Require XDP_UMEM_TX_METADATA_LEN to actuate tx_metadata_len 2024-08-03 09:01:03 +02:00
xfrm xfrm: call xfrm_dev_policy_delete when kill policy 2024-08-03 08:59:44 +02:00
compat.c file: stop exposing receive_fd_user() 2023-12-12 14:24:14 +01:00
devres.c
Kconfig net: add IEEE 802.1q specific helpers 2024-05-08 10:35:09 +01:00
Kconfig.debug
Makefile af_unix: Remove CONFIG_UNIX_SCM. 2024-01-31 16:41:16 -08:00
socket.c net: have do_accept() take a struct proto_accept_arg argument 2024-05-13 18:19:19 -06:00
sysctl_net.c sysctl: treewide: constify argument ctl_table_root::permissions(table) 2024-04-24 09:43:54 +02:00