HomeDefault status
unaffected
fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d (git) before 13336a6239b9d7c6e61483017bb8bdfe3ceb10a5
affected
fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d (git) before e41a23e61259f5526af875c3b86b3d42a9bae0e5
affected
fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d (git) before 8a672f177ebe19c93d795fbe967846084fbc7943
affected
fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d (git) before cabd1a976375780dabab888784e356f574bbaed8
affected
Default status
affected
2.6.35
affected
Any version before 2.6.35
unaffected
6.6.124 (semver)
unaffected
6.12.70 (semver)
unaffected
6.18.10 (semver)
unaffected
6.19 (original_commit_for_fix)
unaffected
Description
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221
Product status
fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d (git) before 13336a6239b9d7c6e61483017bb8bdfe3ceb10a5
fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d (git) before e41a23e61259f5526af875c3b86b3d42a9bae0e5
fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d (git) before 8a672f177ebe19c93d795fbe967846084fbc7943
fbc2e7d9cf49e0bf89b9e91fd60a06851a855c5d (git) before cabd1a976375780dabab888784e356f574bbaed8
2.6.35
Any version before 2.6.35
6.6.124 (semver)
6.12.70 (semver)
6.18.10 (semver)
6.19 (original_commit_for_fix)
References
git.kernel.org/...c/13336a6239b9d7c6e61483017bb8bdfe3ceb10a5
git.kernel.org/...c/e41a23e61259f5526af875c3b86b3d42a9bae0e5
git.kernel.org/...c/8a672f177ebe19c93d795fbe967846084fbc7943
git.kernel.org/...c/cabd1a976375780dabab888784e356f574bbaed8