kernel_google_wahoo/net at fed8fd79e38fcda4e38cda014facf02f48cbed42 - kernel_google_wahoo - Evolution X Git

Evolution-X-Devices/kernel_google_wahoo

Files

History

Anant Thazhemadam 785ef2d0c5 net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()

commit 3dc289f8f139997f4e9d3cfccf8738f20d23e47b upstream.

In nl80211_parse_key(), key.idx is first initialized as -1.
If this value of key.idx remains unmodified and gets returned, and
nl80211_key_allowed() also returns 0, then rdev_del_key() gets called
with key.idx = -1.
This causes an out-of-bounds array access.

Handle this issue by checking if the value of key.idx after
nl80211_parse_key() is called and return -EINVAL if key.idx < 0.

Cc: stable@vger.kernel.org
Reported-by: syzbot+b1bb342d1d097516cbda@syzkaller.appspotmail.com
Tested-by: syzbot+b1bb342d1d097516cbda@syzkaller.appspotmail.com
Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
Link: https://lore.kernel.org/r/20201007035401.9522-1-anant.thazhemadam@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2020-10-14 09:46:22 +02:00

..

6lowpan: Off by one handling ->nexthdr

2020-01-29 10:21:42 +01:00

net/9p: validate fds in p9_fd_open

2020-08-21 10:52:56 +02:00

…

vlan: fix memory leak in vlan_dev_set_egress_priority

2020-01-12 11:22:52 +01:00

appletalk: Set error code if register_snap_client failed

2019-12-21 10:35:03 +01:00

atm: fix a memory leak of vcc->user_back

2020-10-01 11:11:55 +02:00

AX.25: Prevent integer overflows in connect and sendmsg

2020-07-31 16:43:16 +02:00

batman-adv: mcast/TT: fix wrongly dropped or rerouted packets

2020-10-01 11:11:57 +02:00

Bluetooth: Handle Inquiry Cancel error after Inquiry Complete

2020-10-01 11:11:55 +02:00

netfilter: nft_reject_bridge: enable reject with bridge vlan

2020-06-03 08:12:13 +02:00

net: caif: Add a missing rcu_read_unlock() in caif_flow_cb

2018-09-05 09:18:34 +02:00

can: purge socket error queue on sock destruct

2019-07-10 09:56:33 +02:00

libceph: handle an empty authorize reply

2019-03-23 08:44:18 +01:00

neigh_stat_seq_next() should increase position index

2020-10-01 11:11:51 +02:00

net: dcb: For wild-card lookups, use priority -1, not 0

2018-09-19 22:48:58 +02:00

net: ipv6: add net argument to ip6_dst_lookup_flow

2020-05-20 08:11:36 +02:00

decnet: fix DN_IFREQ_SIZE

2019-12-05 15:27:07 +01:00

KEYS: DNS: fix parsing multiple options

2018-07-22 14:25:54 +02:00

net: dsa: slave: fix of-node leak and phy priority

2020-05-10 10:26:09 +02:00

net: add annotations on hh->hh_len lockless accesses

2020-01-12 11:22:45 +01:00

hsr: set .netnsok flag

2020-04-02 19:02:34 +02:00

nl802154: add missing attribute validation for dev_type

2020-03-20 09:06:19 +01:00

rt_cpu_seq_next should increase position index

2020-10-01 11:11:51 +02:00

ipv6: check skb->protocol before lookup for nexthop

2020-08-21 10:53:07 +02:00

ipx: call ipxitf_put() in ioctl error path

2017-05-25 14:30:13 +02:00

irda: Free skb on irda_accept error path.

2020-05-10 10:25:58 +02:00

net/af_iucv: always register net_device notifier

2020-01-29 10:21:45 +01:00

af_key: pfkey_dump needs parameter validation

2020-10-01 11:11:49 +02:00

l2tp: remove skb_dst_set() from l2tp_xmit_skb()

2020-07-22 09:10:03 +02:00

net: Add netif_is_l3_slave

2015-10-07 04:27:43 -07:00

lapb: fixed leak of control-blocks.

2019-06-22 08:18:25 +02:00

llc: make sure applications use ARPHRD_ETHER

2020-07-22 09:10:03 +02:00

mac80211: fix misplaced while instead of if

2020-08-21 10:53:05 +02:00

net: mac802154: tx: expand tailroom if necessary

2018-09-09 20:04:32 +02:00

net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup

2020-05-20 08:11:37 +02:00

netfilter: ctnetlink: add a range check for l3/l4 protonum

2020-10-14 09:46:21 +02:00

netlabel: cope with NULL catmap

2020-05-20 08:11:52 +02:00

genetlink: remove genl_bind

2020-07-22 09:10:03 +02:00

net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node

2020-05-02 17:20:33 +02:00

net/nfc/rawsock.c: add CAP_NET_RAW check.

2020-08-21 10:53:03 +02:00

net: openvswitch: fix csum updates for MPLS actions

2020-05-20 08:11:45 +02:00

packet: fix data-race in fanout_flow_is_huge()

2020-01-29 10:21:50 +01:00

phonet: fix building with clang

2019-03-23 08:44:34 +01:00

rds: Prevent kernel-infoleak in rds_notify_queue_get()

2020-08-21 10:52:53 +02:00

rfkill: Fix incorrect check to avoid NULL pointer dereference

2020-01-12 11:22:49 +01:00

net: rose: fix a possible stack overflow

2019-04-03 06:23:25 +02:00

rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA

2020-07-31 16:43:16 +02:00

net: sched: export __netdev_watchdog_up()

2020-06-29 20:07:57 -04:00

sctp: not disable bh in the whole sctp_get_port_local()

2020-09-12 11:45:33 +02:00

SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'

2020-10-01 11:11:54 +02:00

switchdev: pass pointer to fib_info instead of copy

2016-06-24 10:18:16 -07:00

tipc: use skb_unshare() instead in tipc_buf_append()

2020-10-01 11:11:49 +02:00

skbuff: fix a data race in skb_queue_len()

2020-10-01 11:11:52 +02:00

vsock: fix timeout in vsock_accept()

2020-06-11 09:21:39 +02:00

net:wimax: Fix doucble word "the the" in networking.xml

2015-08-09 22:43:52 -07:00

net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()

2020-10-14 09:46:22 +02:00

net/x25: Fix null-ptr-deref in x25_disconnect

2020-08-21 10:52:53 +02:00

xfrm: fix a NULL-ptr deref in xfrm_local_error

2020-06-03 08:12:13 +02:00

compat.c

net/compat: Add missing sock updates for SCM_RIGHTS

2020-08-26 10:27:07 +02:00

Kconfig

Make DST_CACHE a silent config option

2018-02-25 11:03:37 +01:00

Makefile

net: Introduce L3 Master device abstraction

2015-09-29 20:40:32 -07:00

socket.c

net: Set fput_needed iff FDPUT_FPUT is set

2020-08-21 10:53:03 +02:00

sysctl_net.c

net: Use ns_capable_noaudit() when determining net sysctl permissions

2016-09-15 08:27:50 +02:00