iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
879,972 Commits 104 Branches 1,843 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Pablo Neira Ayuso 2d15663304 netfilter: conntrack: refetch conntrack after nf_conntrack_update() 
[ Upstream commit d005fbb855d3b5660d62ee5a6bd2d99c13ff8cf3 ]

__nf_conntrack_update() might refresh the conntrack object that is
attached to the skbuff. Otherwise, this triggers UAF.

[  633.200434] ==================================================================
[  633.200472] BUG: KASAN: use-after-free in nf_conntrack_update+0x34e/0x770 [nf_conntrack]
[  633.200478] Read of size 1 at addr ffff888370804c00 by task nfqnl_test/6769

[  633.200487] CPU: 1 PID: 6769 Comm: nfqnl_test Not tainted 5.8.0-rc2+ #388
[  633.200490] Hardware name: LENOVO 23259H1/23259H1, BIOS G2ET32WW (1.12 ) 05/30/2012
[  633.200491] Call Trace:
[  633.200499]  dump_stack+0x7c/0xb0
[  633.200526]  ? nf_conntrack_update+0x34e/0x770 [nf_conntrack]
[  633.200532]  print_address_description.constprop.6+0x1a/0x200
[  633.200539]  ? _raw_write_lock_irqsave+0xc0/0xc0
[  633.200568]  ? nf_conntrack_update+0x34e/0x770 [nf_conntrack]
[  633.200594]  ? nf_conntrack_update+0x34e/0x770 [nf_conntrack]
[  633.200598]  kasan_report.cold.9+0x1f/0x42
[  633.200604]  ? call_rcu+0x2c0/0x390
[  633.200633]  ? nf_conntrack_update+0x34e/0x770 [nf_conntrack]
[  633.200659]  nf_conntrack_update+0x34e/0x770 [nf_conntrack]
[  633.200687]  ? nf_conntrack_find_get+0x30/0x30 [nf_conntrack]

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1436
Fixes: ee04805ff54a ("netfilter: conntrack: make conntrack userspace helpers work again")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-07-16 08:16:38 +02:00
arch
x86/entry: Increase entry_stack size to a full page
2020-07-16 08:16:36 +02:00
block
block: release bip in a right way in error path
2020-07-16 08:16:36 +02:00
certs
PKCS#7: Refactor verify_pkcs7_signature()
2019-08-05 18:40:18 -04:00
crypto
crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
2020-07-09 09:37:52 +02:00
Documentation
dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
2020-06-22 09:30:58 +02:00
drivers
net: dsa: microchip: set the correct number of ports
2020-07-16 08:16:38 +02:00
fs
cifs: update ctime and mtime during truncate
2020-07-16 08:16:35 +02:00
include
crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
2020-07-09 09:37:52 +02:00
init
x86: Fix early boot crash on gcc-10, third try
2020-05-20 08:20:34 +02:00
ipc
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
2020-05-20 08:20:16 +02:00
kernel
sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption
2020-07-16 08:16:36 +02:00
lib
test_objagg: Fix potential memory leak in error handling
2020-06-30 15:37:04 -04:00
LICENSES
LICENSES: Rename other to deprecated
2019-05-03 06:34:32 -06:00
mm
mm, compaction: make capture control handling safe wrt interrupts
2020-07-09 09:37:57 +02:00
net
netfilter: conntrack: refetch conntrack after nf_conntrack_update()
2020-07-16 08:16:38 +02:00
samples
samples/vfs: avoid warning in statx override
2020-07-09 09:37:54 +02:00
scripts
recordmcount: support >64k sections
2020-06-30 15:37:05 -04:00
security
selinux: fix double free
2020-06-24 17:50:48 +02:00
sound
ALSA: hda: Intel: add missing PCI IDs for ICL-H, TGL-H and EKL
2020-07-16 08:16:33 +02:00
tools
selftests: tpm: Use /bin/sh instead of /bin/bash
2020-07-09 09:37:51 +02:00
usr
initramfs: restore default compression behavior
2020-04-08 09:08:38 +02:00
virt
KVM: arm64: Save the host's PtrAuth keys in non-preemptible context
2020-06-17 16:40:38 +02:00
.clang-format
clang-format: Update with the latest for_each macro list
2019-08-31 10:00:51 +02:00
.cocciconfig
.get_maintainer.ignore
Opt out of scripts/get_maintainer.pl
2019-05-16 10:53:40 -07:00
.gitattributes
.gitignore
Modules updates for v5.4
2019-09-22 10:34:46 -07:00
.mailmap
ARM: SoC fixes
2019-11-10 13:41:59 -08:00
COPYING
COPYING: use the new text with points to the license files
2018-03-23 12:41:45 -06:00
CREDITS
MAINTAINERS: Remove Simon as Renesas SoC Co-Maintainer
2019-10-10 08:12:51 -07:00
Kbuild
kbuild: do not descend to ./Kbuild when cleaning
2019-08-21 21:03:58 +09:00
Kconfig
docs: kbuild: convert docs to ReST and rename to *.rst
2019-06-14 14:21:21 -06:00
MAINTAINERS
MAINTAINERS: Update drm/i915 bug filing URL
2020-02-28 17:22:19 +01:00
Makefile
Linux 5.4.51
2020-07-09 09:37:57 +02:00
README
Drop all 00-INDEX files from Documentation/
2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
Description
No description provided
Readme 5.7 GiB
Languages
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%