remarkable-linux/net
Florian Westphal 39f154faec netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt
commit b078556aec upstream.

l4proto->manip_pkt() can cause reallocation of skb head so pointer
to the ipv6 header must be reloaded.

Reported-and-tested-by: <syzbot+10005f4292fc9cc89de7@syzkaller.appspotmail.com>
Fixes: 58a317f106 ("netfilter: ipv6: add IPv6 NAT support")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-03-15 10:54:24 +01:00
6lowpan
9p 9p/trans_virtio: discard zero-length reply 2018-02-22 15:42:30 +01:00
802
8021q 8021q: fix a memory leak for VLAN 0 device 2018-01-17 09:45:20 +01:00
appletalk
atm
ax25
batman-adv
bluetooth Bluetooth: Prevent stack info leak from the EFS element. 2018-01-17 09:45:26 +01:00
bpf
bridge netfilter: bridge: ebt_among: add missing match size checks 2018-03-15 10:54:24 +01:00
caif
can can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once 2018-01-23 19:58:17 +01:00
ceph
core net_sched: gen_estimator: fix broken estimators based on percpu stats 2018-03-08 22:41:13 -08:00
dcb
dccp dccp: CVE-2017-8824: use-after-free in DCCP code 2018-02-16 20:22:45 +01:00
decnet dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock 2018-02-25 11:07:52 +01:00
dns_resolver
dsa
ethernet
hsr
ieee802154
ife
ipv4 netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation 2018-03-15 10:54:23 +01:00
ipv6 netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt 2018-03-15 10:54:24 +01:00
ipx
iucv
kcm kcm: Only allow TCP sockets to be attached to a KCM mux 2018-02-25 11:07:45 +01:00
key af_key: fix buffer overread in parse_exthdrs() 2018-01-23 19:58:12 +01:00
l2tp l2tp: cleanup l2tp_tunnel_delete calls 2017-12-20 10:10:31 +01:00
l3mdev
lapb
llc
mac80211 mac80211: mesh: drop frames appearing to be from us 2018-03-03 10:24:35 +01:00
mac802154
mpls mpls, nospec: Sanitize array index in mpls_label_ok() 2018-02-22 15:42:28 +01:00
ncsi
netfilter netfilter: IDLETIMER: be syzkaller friendly 2018-03-15 10:54:24 +01:00
netlabel
netlink netlink: put module reference if dump start fails 2018-03-08 22:41:17 -08:00
netrom
nfc
nsh
openvswitch openvswitch: fix the incorrect flow action alloc size 2018-02-03 17:39:03 +01:00
packet
phonet
psample
qrtr
rds rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete 2018-02-25 11:07:51 +01:00
rfkill
rose
rxrpc rxrpc: Fix send in rxrpc_send_data_packet() 2018-03-08 22:41:12 -08:00
sched cls_u32: fix use after free in u32_destroy_key() 2018-03-08 22:41:16 -08:00
sctp sctp: fix dst refcnt leak in sctp_v6_get_dst() 2018-03-08 22:41:15 -08:00
smc
strparser
sunrpc xprtrdma: Fix BUG after a device removal 2018-02-22 15:42:29 +01:00
switchdev
tipc tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path 2018-03-03 10:24:30 +01:00
tls tls: reset crypto_info when do_tls_setsockopt_tx fails 2018-01-31 14:03:48 +01:00
unix
vmw_vsock VSOCK: fix outdated sk_state value in hvs_release() 2018-02-25 11:07:59 +01:00
wimax
wireless nl80211: Check for the required netlink attribute presence 2018-03-03 10:24:34 +01:00
x25
xfrm xfrm: Reinject transport-mode packets through tasklet 2018-03-03 10:24:25 +01:00
compat.c
Kconfig
Makefile
socket.c kmemcheck: remove annotations 2018-02-22 15:42:23 +01:00
sysctl_net.c