[5.4/5.10/5.15,0/1] Backport fix for CVE-2023-1075

Message ID 20241128183509.23236-1-n.zhandarovich@fintech.ru (mailing list archive)

Nikita Zhandarovich Nov. 28, 2024, 6:35 p.m. UTC
This patch addresses an issue of type confusion in tls_is_tx_ready(),
as the NULL check on the list_first_entry() return value is wrong.
This issue has been given a CVE entry, CVE-2023-1075 [1], and is still
present in several stable branches.

As the flawed function tls_is_tx_ready() is named is_tx_ready() and
is situated in another file (specifically, include/net/tls.h) in older
kernel versions, fix the error there instead. This adapted backport
can be cleanly applied to the 5.4, 5.10 and 5.15 branches.

[PATCH 5.4/5.10/5.15 1/1] net/tls: tls_is_tx_ready() checked list_entry
Use list_first_entry_or_null() instead of list_entry() to properly
check for empty lists.
Fixes [1].

[1] https://nvd.nist.gov/vuln/detail/cve-2023-1075
[2] https://github.com/torvalds/linux/commit/ffe2a22562444720b05bdfeb999c03e810d84cbb
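The defect the cover letter describes, shown as an added example that is not part of the patch series or the kernel tree: a userspace copy of the kernel's intrusive list helpers (container_of, list_entry, list_first_entry, list_first_entry_or_null), a buggy check that tests the list_first_entry() result against NULL, and the corrected check using list_first_entry_or_null(). The record type struct tx_rec, the struct demo_ctx wrapper and the function names is_tx_ready_buggy()/is_tx_ready_fixed() are constructed for the demo and are not the kernel's TLS structures or functions. On an empty list, head->next points back at the head, so the buggy variant receives the head itself reinterpreted as a record (never NULL) and reads ->ready from whatever bytes precede the head; the demo places known bytes there so the wrong read is visible.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal userspace copy of the kernel's intrusive list (include/linux/list.h). */
struct list_head { struct list_head *next, *prev; };

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
#define list_entry(ptr, type, member) container_of(ptr, type, member)
#define list_first_entry(head, type, member) list_entry((head)->next, type, member)
#define list_empty(head) ((head)->next == (head))
/* Unlike list_first_entry(), this yields NULL when the list is empty. */
#define list_first_entry_or_null(head, type, member) \
    (list_empty(head) ? NULL : list_first_entry(head, type, member))

static inline void INIT_LIST_HEAD(struct list_head *h) { h->next = h->prev = h; }
static inline void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->next = h; n->prev = h->prev; h->prev->next = n; h->prev = n;
}

/* Constructed record type for the demo (not the kernel's TLS structures). */
struct tx_rec {
    int ready;
    struct list_head list;
};

/* Buggy pattern: on an empty list, head->next == head, so list_first_entry()
 * hands back the list head itself reinterpreted as a struct tx_rec. That
 * pointer is never NULL, so the check passes and ->ready is read from
 * whatever memory precedes the head (type confusion). */
static bool is_tx_ready_buggy(struct list_head *queue)
{
    struct tx_rec *rec = list_first_entry(queue, struct tx_rec, list);
    if (!rec)           /* never true, even for an empty queue */
        return false;
    return rec->ready != 0;
}

/* Fixed pattern: list_first_entry_or_null() makes the NULL check meaningful. */
static bool is_tx_ready_fixed(struct list_head *queue)
{
    struct tx_rec *rec = list_first_entry_or_null(queue, struct tx_rec, list);
    if (!rec)
        return false;
    return rec->ready != 0;
}

/* Constructed wrapper: the bytes before the queue head are under our control,
 * so the bogus ->ready read of the buggy check is observable and deterministic. */
struct demo_ctx {
    int before_head[4];
    struct list_head queue;
};

/* Does list_first_entry() on an empty list compare equal to NULL? (No.) */
static bool empty_list_entry_is_null(void)
{
    struct list_head queue;
    INIT_LIST_HEAD(&queue);
    return list_first_entry(&queue, struct tx_rec, list) == NULL;
}

/* Buggy check on an empty queue whose preceding bytes are non-zero:
 * reports "ready" although nothing is queued. */
static bool buggy_check_on_empty_queue(void)
{
    struct demo_ctx ctx = { .before_head = { 1, 1, 1, 1 } };
    INIT_LIST_HEAD(&ctx.queue);
    return is_tx_ready_buggy(&ctx.queue);
}

/* Fixed check on the same empty queue: correctly reports "not ready". */
static bool fixed_check_on_empty_queue(void)
{
    struct demo_ctx ctx = { .before_head = { 1, 1, 1, 1 } };
    INIT_LIST_HEAD(&ctx.queue);
    return is_tx_ready_fixed(&ctx.queue);
}

/* Fixed check with one ready record queued: reports "ready". */
static bool fixed_check_on_ready_record(void)
{
    struct demo_ctx ctx = { 0 };
    struct tx_rec rec = { .ready = 1 };
    INIT_LIST_HEAD(&ctx.queue);
    list_add_tail(&rec.list, &ctx.queue);
    return is_tx_ready_fixed(&ctx.queue);
}

int main(void)
{
    printf("list_first_entry() on empty list is NULL? %d\n", empty_list_entry_is_null());
    printf("buggy check, empty queue: %d\n", buggy_check_on_empty_queue());
    printf("fixed check, empty queue: %d\n", fixed_check_on_empty_queue());
    printf("fixed check, ready record: %d\n", fixed_check_on_ready_record());
    return 0;
}
```

The buggy variant never takes its `!rec` branch: list_first_entry() is plain pointer arithmetic on head->next, and for an empty list that is the head's own address minus the member offset, which is a valid-looking non-NULL pointer into the object that embeds the head. Only list_first_entry_or_null(), which tests list_empty() first, turns the empty case into a NULL that the caller can check.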