iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Luiz Augusto von Dentz 26ca2ac091 Bluetooth: L2CAP: Fix attempting to access uninitialized memory 
commit b1a2cd50c0357f243b7435a732b4e62ba3157a2e upstream.

On l2cap_parse_conf_req the variable efs is only initialized if
remote_efs has been set.

CVE: CVE-2022-42895
CC: stable@vger.kernel.org
Reported-by: Tamás Koczka <poprdi@google.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Reviewed-by: Tedd Ho-Jeong An <tedd.an@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-11-10 18:14:24 +01:00
..
6lowpan
6lowpan: iphc: Fix an off-by-one check of array index
2021-09-15 09:50:34 +02:00
9p
net/9p: Initialize the iounit field during fid creation
2022-08-21 15:16:26 +02:00
802
net/802/garp: fix memleak in garp_request_join()
2021-07-31 08:16:11 +02:00
8021q
net: make free_netdev() more lenient with unregistering devices
2022-07-29 17:19:07 +02:00
appletalk
appletalk: Fix skb allocation size in loopback case
2021-04-07 15:00:08 +02:00
atm
net/atm: fix proc_mpc_write incorrect return value
2022-10-30 09:41:16 +01:00
ax25
net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg
2022-06-22 14:13:17 +02:00
batman-adv
batman-adv: Don't skb_split skbuffs with frag_list
2022-05-18 10:23:42 +02:00
bluetooth
Bluetooth: L2CAP: Fix attempting to access uninitialized memory
2022-11-10 18:14:24 +01:00
bpf
bpf: Don't redirect packets with invalid pkt_len
2022-09-05 10:28:56 +02:00
bpfilter
bpfilter: Specify the log level for the kmsg message
2021-07-14 16:56:29 +02:00
bridge
netfilter: ebtables: fix memory leak when blob is malformed
2022-09-28 11:10:36 +02:00
caif
net-caif: avoid user-triggerable WARN_ON(1)
2021-09-22 12:27:56 +02:00
can
can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb()
2022-11-03 23:57:48 +09:00
ceph
libceph: fix potential use-after-free on linger ping and resends
2022-05-25 09:17:56 +02:00
core
net, neigh: Fix null-ptr-deref in neigh_table_clear()
2022-11-10 18:14:20 +01:00
dcb
net: dcb: disable softirqs in dcbnl_flush_dev()
2022-03-08 19:09:37 +01:00
dccp
dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
2022-08-21 15:15:52 +02:00
decnet
net: Fix data-races around sysctl_[rw]mem(_offset)?.
2022-08-31 17:15:19 +02:00
dns_resolver
dsa
net: dsa: Add missing of_node_put() in dsa_port_link_register_of
2022-05-09 09:05:02 +02:00
ethernet
ethtool
ethtool: do not perform operations on net devices being unregistered
2021-12-17 10:14:41 +01:00
hsr
net: hsr: avoid possible NULL deref in skb_clone()
2022-10-30 09:41:17 +01:00
ieee802154
net: ieee802154: fix error return code in dgram_bind()
2022-11-03 23:57:51 +09:00
ife
ipv4
nh: fix scope used to find saddr when adding non gw nh
2022-11-03 23:57:54 +09:00
ipv6
ipv6: fix WARNING in ip6_route_net_exit_late()
2022-11-10 18:14:20 +01:00
iucv
net/af_iucv: remove WARN_ONCE on malformed RX packets
2021-03-07 12:34:05 +01:00
kcm
kcm: annotate data-races around kcm->rx_wait
2022-11-03 23:57:52 +09:00
key
af_key: Do not call xfrm_probe_algs in parallel
2022-08-31 17:15:15 +02:00
l2tp
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
2022-06-22 14:13:15 +02:00
l3mdev
l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
2022-04-27 13:53:50 +02:00
lapb
net: lapb: Copy the skb before sending a packet
2021-02-10 09:29:14 +01:00
llc
llc: only change llc->dev when bind() succeeds
2022-03-28 09:57:10 +02:00
mac80211
wifi: mac80211: allow bw change during channel switch in mesh
2022-10-26 13:25:19 +02:00
mac802154
mac802154: Fix LQI recording
2022-11-03 23:57:49 +09:00
mpls
net: Use u64_stats_fetch_begin_irq() for stats fetch.
2022-09-08 11:11:40 +02:00
mptcp
net: Fix data-races around sysctl_[rw]mem(_offset)?.
2022-08-31 17:15:19 +02:00
ncsi
net/ncsi: check for error return from call to nla_put_u32
2022-01-05 12:40:32 +01:00
netfilter
ipvs: fix WARNING in ip_vs_app_net_cleanup()
2022-11-10 18:14:18 +01:00
netlabel
netlabel: fix out-of-bounds memory accesses
2022-04-13 21:01:00 +02:00
netlink
net: genl: fix error path memory leak in policy dumping
2022-08-25 11:38:07 +02:00
netrom
netrom: fix api breakage in nr_setsockopt()
2022-01-27 10:54:03 +01:00
nfc
NFC: NULL out the dev->rfkill to prevent UAF
2022-06-09 10:21:01 +02:00
nsh
openvswitch
openvswitch: switch from WARN to pr_warn
2022-11-03 23:57:53 +09:00
packet
net/af_packet: check len when min_header_len equals to 0
2022-09-05 10:28:59 +02:00
phonet
phonet: refcount leak in pep_sock_accep
2022-01-11 15:25:01 +01:00
psample
net: psample: Fix netlink skb length with tunnel info
2021-03-07 12:34:07 +01:00
qrtr
qrtr: Convert qrtr_ports from IDR to XArray
2022-08-25 11:38:23 +02:00
rds
net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
2022-10-26 13:25:23 +02:00
rfkill
rfkill: Fix use-after-free in rfkill_resume()
2020-11-12 09:18:06 +01:00
rose
rose: Fix NULL pointer dereference in rose_send_frame()
2022-11-10 18:14:19 +01:00
rxrpc
rxrpc: Fix calc of resend age
2022-09-23 14:16:59 +02:00
sched
net: sched: Fix use after free in red_enqueue()
2022-11-10 18:14:18 +01:00
sctp
sctp: handle the error returned from sctp_auth_asoc_init_active_key
2022-10-26 13:25:23 +02:00
smc
net/smc: Stop the CLC flow if no link to map buffers on
2022-09-28 11:10:36 +02:00
strparser
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
2021-11-18 14:04:27 +01:00
sunrpc
SUNRPC: RPC level errors should set task->tk_rpc_status
2022-08-31 17:15:15 +02:00
switchdev
net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP
2021-02-07 15:37:12 +01:00
tipc
tipc: fix a null-ptr-deref in tipc_topsrv_accept
2022-11-03 23:57:51 +09:00
tls
net/tls: Remove the context from the list in tls_device_down
2022-08-03 12:00:46 +02:00
unix
io_uring/af_unix: defer registered files gc to io_uring release
2022-10-26 13:25:55 +02:00
vmw_vsock
vhost/vsock: Use kvmalloc/kvfree for larger packets.
2022-10-26 13:25:22 +02:00
wimax
genetlink: move to smaller ops wherever possible
2020-10-02 19:11:11 -07:00
wireless
wifi: cfg80211: update hidden BSSes to avoid WARN_ON
2022-10-15 07:55:56 +02:00
x25
net/x25: Fix null-ptr-deref caused by x25_disconnect
2022-04-08 14:40:30 +02:00
xdp
xsk: Inherit need_wakeup flag for shared sockets
2022-10-15 07:55:51 +02:00
xfrm
xfrm: Update ipcomp_scratches with NULL when freed
2022-10-26 13:25:46 +02:00
compat.c
net: Return the correct errno code
2021-06-18 10:00:06 +02:00
devres.c
Kconfig
drop_monitor: Convert to using devlink tracepoint
2020-09-30 18:01:26 -07:00
Makefile
socket.c
net: Fix a data-race around sysctl_somaxconn.
2022-08-31 17:15:21 +02:00
sysctl_net.c