iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Dan Williams 753fc48e59 mpls, nospec: Sanitize array index in mpls_label_ok() 
commit 3968523f855050b8195134da951b87c20bd66130 upstream.

mpls_label_ok() validates that the 'platform_label' array index from a
userspace netlink message payload is valid. Under speculation the
mpls_label_ok() result may not resolve in the CPU pipeline until after
the index is used to access an array element. Sanitize the index to zero
to prevent userspace-controlled arbitrary out-of-bounds speculation, a
precursor for a speculative execution side channel vulnerability.

Cc: <stable@vger.kernel.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-22 15:42:28 +01:00
..
6lowpan
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
9p
net/9p: Switch to wait_event_killable()
2017-11-30 08:40:49 +00:00
802
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
8021q
8021q: fix a memory leak for VLAN 0 device
2018-01-17 09:45:20 +01:00
appletalk
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
atm
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ax25
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
batman-adv
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-08-09 16:28:45 -07:00
bluetooth
Bluetooth: Prevent stack info leak from the EFS element.
2018-01-17 09:45:26 +01:00
bpf
bridge
net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks
2018-01-02 20:31:09 +01:00
caif
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
can
can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
2018-01-23 19:58:17 +01:00
ceph
libceph: don't WARN() if user tries to add invalid key
2017-11-30 08:40:45 +00:00
core
kmemcheck: remove annotations
2018-02-22 15:42:23 +01:00
dcb
rtnetlink: make rtnl_register accept a flags parameter
2017-08-09 16:57:38 -07:00
dccp
dccp: CVE-2017-8824: use-after-free in DCCP code
2018-02-16 20:22:45 +01:00
decnet
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
dns_resolver
KEYS: Fix race between updating and finding a negative key
2017-10-18 09:12:40 +01:00
dsa
net: dsa: return after vlan prepare phase
2017-11-11 15:45:09 +09:00
ethernet
networking: make skb_push & __skb_push return void pointers
2017-06-16 11:48:40 -04:00
hsr
net/hsr: Check skb_put_padto() return value
2017-08-22 13:40:23 -07:00
ieee802154
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
ife
MAINTAINERS: Update Yotam's E-mail
2017-11-01 12:19:03 +09:00
ipv4
kmemcheck: remove annotations
2018-02-22 15:42:23 +01:00
ipv6
ipv6: Fix SO_REUSEPORT UDP socket with implicit sk_ipv6only
2018-02-13 10:19:48 +01:00
ipx
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
iucv
iucv: Convert sk_wmem_alloc accesses to refcount_t.
2017-07-03 02:31:22 -07:00
kcm
fix kcm_clone()
2017-12-17 15:07:59 +01:00
key
af_key: fix buffer overread in parse_exthdrs()
2018-01-23 19:58:12 +01:00
l2tp
l2tp: cleanup l2tp_tunnel_delete calls
2017-12-20 10:10:31 +01:00
l3mdev
lapb
net, lapb: convert lapb_cb.refcnt from atomic_t to refcount_t
2017-07-04 22:35:16 +01:00
llc
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mac80211
mac80211: fix the update of path metric for RANN frame
2018-02-03 17:39:03 +01:00
mac802154
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
mpls
mpls, nospec: Sanitize array index in mpls_label_ok()
2018-02-22 15:42:28 +01:00
ncsi
net/ncsi: Fix length of GVI response packet
2017-10-21 01:56:38 +01:00
netfilter
netfilter: xt_osf: Add missing permission checks
2018-01-31 14:03:41 +01:00
netlabel
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
netlink
netlink: reset extack earlier in netlink_rcv_skb
2018-01-31 14:03:48 +01:00
netrom
net, netrom: convert nr_node.refcount from atomic_t to refcount_t
2017-07-04 22:35:17 +01:00
nfc
NFC: fix device-allocation error return
2017-11-30 08:40:55 +00:00
nsh
nsh: add GSO support
2017-08-29 15:16:52 -07:00
openvswitch
openvswitch: fix the incorrect flow action alloc size
2018-02-03 17:39:03 +01:00
packet
net/packet: fix a race in packet_bind() and packet_notifier()
2017-12-17 15:07:56 +01:00
phonet
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
psample
MAINTAINERS: Update Yotam's E-mail
2017-11-01 12:19:03 +09:00
qrtr
qrtr: Move to postcore_initcall
2017-11-08 14:32:18 +09:00
rds
RDS: null pointer dereference in rds_atomic_free_op
2018-01-17 09:45:21 +01:00
rfkill
net: rfkill: gpio: Switch to devm_acpi_dev_add_driver_gpios()
2017-06-13 11:07:51 +02:00
rose
rxrpc
rxrpc: Fix service endpoint expiry
2018-02-03 17:39:01 +01:00
sched
net/sched: Fix update of lastuse in act modules implementing stats_update
2018-01-17 09:45:22 +01:00
sctp
sctp: set sender next_tsn for the old result with ctsn_ack_point plus 1
2018-02-03 17:39:04 +01:00
smc
net/smc: use sk_rcvbuf as start for rmb creation
2017-12-14 09:53:05 +01:00
strparser
strparser: Use delayed work instead of timer for msg timeout
2017-10-25 10:37:11 +09:00
sunrpc
SUNRPC: Allow connect to return EHOSTUNREACH
2018-02-03 17:39:11 +01:00
switchdev
net: switchdev: Remove bridge bypass support from switchdev
2017-08-07 14:48:48 -07:00
tipc
tipc: fix a memory leak in tipc_nl_node_get_link()
2018-01-31 14:03:46 +01:00
tls
tls: reset crypto_info when do_tls_setsockopt_tx fails
2018-01-31 14:03:48 +01:00
unix
License cleanup: add SPDX license identifiers to some files
2017-11-02 10:04:46 -07:00
vmw_vsock
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
wimax
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
wireless
nl80211: Sanitize array index in parse_txq_params
2018-02-07 11:12:23 -08:00
x25
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xfrm
xfrm: Fix a race in the xdst pcpu cache.
2018-01-31 14:03:41 +01:00
compat.c
net: compat: assert the size of cmsg copied in is as expected
2017-09-20 15:36:18 -07:00
Kconfig
net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros.
2017-09-04 13:25:20 +02:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
socket.c
kmemcheck: remove annotations
2018-02-22 15:42:23 +01:00
sysctl_net.c