On Mon, Mar 21, 2022 at 06:49:02PM -0700, Vaibhav Rustagi wrote:
> Hi Greg,
>
> To fix CVE-2022-0886 in v5.10 and v5.4, we need to cherry-pick the commit "esp: Fix possible buffer overflow in ESP transformation" (ebe48d368e97d007bfeb76fcb065d6cfc4c96645). The commit didn't apply cleanly in v5.10 and v5.4 and therefore, patches for both the kernel versions are attached.
>
> In order to backport the original commit, the following changes are done:
> - v5.10:
>   - "SKB_FRAG_PAGE_ORDER" declaration is moved from
>     "net/core/sock.c" to "include/net/sock.c"

Did you see that this is already in the 5.10 queue and out for review right now? Can you verify that the backport there matches yours?

> - v5.4:
>   - "SKB_FRAG_PAGE_ORDER" declaration is moved from
>     "net/core/sock.c" to "include/net/sock.c"
>   - Ignore changes introduced due to `xfrm: add support for UDPv6 encapsulation of ESP` in esp6_output_head()

Thanks for this one, I'll queue it up after this next round of releases. What about 4.14 and 4.19? Will this backport work there? If not, can you provide a working one?

thanks,
greg k-h