| author | David Howells <dhowells@redhat.com> | 2026-05-16 00:05:15 +0100 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2026-05-20 16:36:45 -0700 |
| commit | 8bfab4b6ffc2fe92da86300728fc8c3c7ebffb56 (patch) | |
| tree | 9ff4edd469803c829ad5e9cd4d94f73e685fc34e /tools/testing | |
| parent | d2bc90cf6c75cb96d2ce549be6c35efa3099d25b (diff) | |
rxrpc: Fix RESPONSE packet verification to extract skb to a linear buffer

This improves the fix for CVE-2026-43500.

Fix the verification of RESPONSE packets to avoid the problem of
overwriting a RESPONSE packet sent via splice to a local address by
extracting the contents of the UDP packet into a kmalloc'd linear buffer
rather than decrypting the data in place in the sk_buff (which may corrupt
the original buffer).

Fixes: 24481a7f5733 ("rxrpc: Fix conn-level packet handling to unshare RESPONSE packets")
Reported-by: Hyunwoo Kim <imv4bel@gmail.com>
Closes: https://lore.kernel.org/r/afKV2zGR6rrelPC7@v4bel/
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Simon Horman <horms@kernel.org>
cc: Jiayuan Chen <jiayuan.chen@linux.dev>
cc: linux-afs@lists.infradead.org
cc: stable@kernel.org
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
Tested-by: Marc Dionne <marc.dionne@auristor.com>
Link: https://patch.msgid.link/20260515230516.2718212-4-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'tools/testing')
0 files changed, 0 insertions, 0 deletions
