Hi Greg,
To fix CVE-2022-0886 in v5.10 and v5.4, we need to cherry-pick the commit "esp: Fix possible buffer overflow in ESP transformation" (ebe48d368e97d007bfeb76fcb065d6cfc4c96645). The commit didn't apply cleanly in v5.10 and v5.4 and therefore, patches for both the kernel versions are attached.
In order to backport the original commit, following changes are done:
- v5.10: - "SKB_FRAG_PAGE_ORDER" declaration is moved from "net/core/sock.c" to "include/net/sock.c"
- v5.4: - "SKB_FRAG_PAGE_ORDER" declaration is moved from "net/core/sock.c" to "include/net/sock.c" - Ignore changes introduced due to `xfrm: add support for UDPv6 encapsulation of ESP` in esp6_output_head()
Can you help in cherry-picking the commit to above stable branches?
Thanks, Vaibhav