mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-12-27 14:41:22 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
e5763491237ffee22d9b554febc2d00669f81dee
linux/net
History
Ranganath V N 51e5ad549c net: sctp: fix KMSAN uninit-value in sctp_inq_pop 
Fix an issue detected by syzbot:

KMSAN reported an uninitialized-value access in sctp_inq_pop
BUG: KMSAN: uninit-value in sctp_inq_pop

The issue is actually caused by skb trimming via sk_filter() in sctp_rcv().
In the reproducer, skb->len becomes 1 after sk_filter(), which bypassed the
original check:

        if (skb->len < sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr) +
                       skb_transport_offset(skb))
To handle this safely, a new check should be performed after sk_filter().

Reported-by: syzbot+d101e12bccd4095460e7@syzkaller.appspotmail.com
Tested-by: syzbot+d101e12bccd4095460e7@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d101e12bccd4095460e7
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Suggested-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Ranganath V N <vnranganath.20@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20251026-kmsan_fix-v3-1-2634a409fa5f@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2025-10-30 11:21:05 +01:00
..
6lowpan
net: replace ND_PRINTK with dynamic debug
2025-07-10 15:27:32 -07:00
9p
9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN
2025-09-19 16:34:51 +09:00
802
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
8021q
net: s/dev_close_many/netif_close_many/
2025-07-18 17:27:47 -07:00
appletalk
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2025-07-24 11:10:46 -07:00
atm
net: atm: fix memory leak in atm_register_sysfs when device_register fail
2025-09-04 09:53:44 +02:00
ax25
ax25: properly unshare skbs in ax25_kiss_rcv()
2025-09-03 17:06:30 -07:00
batman-adv
Merge tag 'batadv-net-pullrequest-20251024' of https://git.open-mesh.org/linux-merge
2025-10-27 18:00:54 -07:00
bluetooth
Bluetooth: rfcomm: fix modem control handling
2025-10-24 10:32:19 -04:00
bpf
bpf: Do not disable preemption in bpf_test_run().
2025-10-17 11:29:35 -07:00
bridge
bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu()
2025-10-08 13:17:31 +02:00
caif
caif: Replace memset(0) + strscpy() with strscpy_pad()
2025-08-12 14:08:56 -07:00
can
can: j1939: add missing calls in NETDEV_UNREGISTER notification handler
2025-10-13 21:26:31 +02:00
ceph
Merge tag 'ceph-for-6.18-rc1' of https://github.com/ceph/ceph-client
2025-10-10 11:30:19 -07:00
core
net: devmem: refresh devmem TX dst in case of route invalidation
2025-10-29 19:23:21 -07:00
dcb
Revert "Documentation: net: add flow control guide and document ethtool API"
2025-10-01 09:48:21 +02:00
devlink
net: replace use of system_wq with system_percpu_wq
2025-09-22 17:40:30 -07:00
dns_resolver
dsa
net: s/dev_close_many/netif_close_many/
2025-07-18 17:27:47 -07:00
ethernet
ethernet: Extend device_get_mac_address() to use NVMEM
2025-09-15 18:34:08 -07:00
ethtool
Revert "Documentation: net: add flow control guide and document ethtool API"
2025-10-01 09:48:21 +02:00
handshake
net/handshake: Add new parameter 'HANDSHAKE_A_ACCEPT_KEYRING'
2025-07-08 15:31:44 +02:00
hsr
net: hsr: prevent creation of HSR device with slaves from another netns
2025-10-22 19:22:22 -07:00
ieee802154
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
ife
ipv4
tcp: fix too slow tcp_rcvbuf_grow() action
2025-10-29 17:30:19 -07:00
ipv6
net/ip6_tunnel: Prevent perpetual tunnel growth
2025-10-13 17:43:46 -07:00
iucv
net: add sk_drops_read(), sk_drops_inc() and sk_drops_reset() helpers
2025-08-28 13:14:50 +02:00
kcm
net: kcm: Fix race condition in kcm_unattach()
2025-08-13 18:18:33 -07:00
key
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2025-07-24 11:10:46 -07:00
l2tp
l2tp: do not use sock_hold() in pppol2tp_session_get_sock()
2025-08-27 17:16:13 -07:00
l3mdev
lapb
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
llc
net: make sk->sk_rcvtimeo lockless
2025-06-23 17:05:12 -07:00
mac80211
wifi: mac80211: fix key tailroom accounting leak
2025-10-20 13:57:10 +02:00
mac802154
mctp
net: mctp: fix typo in comment
2025-09-08 17:47:57 -07:00
mpls
net: s/dev_get_flags/netif_get_flags/
2025-07-18 17:27:47 -07:00
mptcp
mptcp: zero window probe mib
2025-10-29 17:44:28 -07:00
ncsi
net: ncsi: Fix buffer overflow in fetching version id
2025-06-12 18:21:59 -07:00
netfilter
netfilter: nft_ct: add seqadj extension for natted connections
2025-10-29 14:47:59 +01:00
netlabel
audit: add record for multiple task security contexts
2025-08-30 10:15:30 -04:00
netlink
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2025-09-11 17:40:13 -07:00
netrom
treewide, timers: Rename from_timer() to timer_container_of()
2025-06-08 09:07:37 +02:00
nfc
net: nfc: nci: Add parameter validation for packet data
2025-09-30 10:27:14 +02:00
nsh
openvswitch
net: replace use of system_wq with system_percpu_wq
2025-09-22 17:40:30 -07:00
packet
net: af_packet: Use hrtimer to do the retire operation
2025-09-11 18:40:06 -07:00
phonet
net: add sk_drops_read(), sk_drops_inc() and sk_drops_reset() helpers
2025-08-28 13:14:50 +02:00
psample
psp
net: psp: don't assume reply skbs will have a socket
2025-10-03 10:23:50 -07:00
qrtr
rds
net: WQ_PERCPU added to alloc_workqueue users
2025-09-22 17:40:30 -07:00
rfkill
net: replace use of system_wq with system_percpu_wq
2025-09-22 17:40:30 -07:00
rose
net: rose: fix a typo in rose_clear_routes()
2025-08-27 17:27:52 -07:00
rxrpc
net: WQ_PERCPU added to alloc_workqueue users
2025-09-22 17:40:30 -07:00
sched
net_sched: act: remove tcfa_qstats
2025-09-02 15:52:24 -07:00
sctp
net: sctp: fix KMSAN uninit-value in sctp_inq_pop
2025-10-30 11:21:05 +01:00
shaper
smc
net/smc: fix general protection fault in __smc_diag_dump
2025-10-20 17:46:06 -07:00
strparser
net: make sk->sk_rcvtimeo lockless
2025-06-23 17:05:12 -07:00
sunrpc
Merge tag 'nfsd-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux
2025-10-06 13:22:21 -07:00
switchdev
tipc
net: doc: Fix typos in docs
2025-10-03 10:24:14 -07:00
tls
net: tls: Cancel RX async resync request on rcd_delta overflow
2025-10-29 18:32:18 -07:00
unix
Merge tag 'net-next-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2025-10-02 15:17:01 -07:00
vmw_vsock
vsock: fix lock inversion in vsock_assign_transport()
2025-10-23 16:07:58 +02:00
wireless
wifi: nl80211: call kfree without a NULL check
2025-10-20 13:57:26 +02:00
x25
net/x25: Remove unused x25_terminate_link()
2025-07-14 17:19:13 -07:00
xdp
xsk: Harden userspace-supplied xdp_desc validation
2025-10-10 10:07:48 -07:00
xfrm
espintcp: use datagram_poll_queue for socket readiness
2025-10-23 15:46:04 +02:00
compat.c
devres.c
Kconfig
dibs: Create drivers/dibs
2025-09-23 11:13:21 +02:00
Kconfig.debug
Makefile
psp: base PSP device support
2025-09-18 12:32:06 +02:00
socket.c
Merge tag 'net-next-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2025-10-02 15:17:01 -07:00
sysctl_net.c