[5.4.y,5.10.y,0/4] Backport of CVE-2024-44986 fix to stable 5.4 and 5.10

Message ID	20241225051624.127745-1-harshvardhan.j.jha@oracle.com (mailing list archive)
Headers	show Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2C1D38836; Wed, 25 Dec 2024 05:17:00 +0000 (UTC) From: Harshvardhan Jha <harshvardhan.j.jha@oracle.com> To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, kuba@kernel.org Cc: harshvardhan.j.jha@oracle.com, netdev@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH 5.4.y 5.10.y 0/4] Backport of CVE-2024-44986 fix to stable 5.4 and 5.10 Date: Tue, 24 Dec 2024 21:16:20 -0800 Message-ID: <20241225051624.127745-1-harshvardhan.j.jha@oracle.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Backport of CVE-2024-44986 fix to stable 5.4 and 5.10 \| expand [5.4.y,5.10.y,0/4] Backport of CVE-2024-44986 fix to stable 5.4 and 5.10 [5.4.y,5.10.y,1/4] skbuff: introduce skb_expand_head() [5.4.y,5.10.y,2/4] ipv6: use skb_expand_head in ip6_finish_output2 [5.4.y,5.10.y,3/4] ipv6: use skb_expand_head in ip6_xmit [5.4.y,5.10.y,4/4] ipv6: fix possible UAF in ip6_finish_output2()

Message ID

20241225051624.127745-1-harshvardhan.j.jha@oracle.com (mailing list archive)

Headers

From: Harshvardhan Jha <harshvardhan.j.jha@oracle.com>
To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org,
        kuba@kernel.org
Cc: harshvardhan.j.jha@oracle.com, netdev@vger.kernel.org,
        stable@vger.kernel.org
Subject: [PATCH 5.4.y 5.10.y 0/4] Backport of CVE-2024-44986 fix to stable 5.4
 and 5.10
Date: Tue, 24 Dec 2024 21:16:20 -0800
Message-ID: <20241225051624.127745-1-harshvardhan.j.jha@oracle.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Backport of CVE-2024-44986 fix to stable 5.4 and 5.10 | expand

Message

Harshvardhan Jha Dec. 25, 2024, 5:16 a.m. UTC

Following is an attempt to backport fix of CVE-2024-44986 back to stable
5.4 and 5.10. 3 extra pre-requisite patches were required to introduce
the skb_expand_head() function and use it in ip6_finish_output2() for
the fix patch to be applicable.

Eric Dumazet (1):
  ipv6: fix possible UAF in ip6_finish_output2()

Vasily Averin (3):
  skbuff: introduce skb_expand_head()
  ipv6: use skb_expand_head in ip6_finish_output2
  ipv6: use skb_expand_head in ip6_xmit

 include/linux/skbuff.h |  1 +
 net/core/skbuff.c      | 42 ++++++++++++++++++++++
 net/ipv6/ip6_output.c  | 82 ++++++++++++++++--------------------------
 3 files changed, 74 insertions(+), 51 deletions(-)