diff options
author | David S. Miller <davem@davemloft.net> | 2023-08-02 11:06:06 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2023-08-02 11:06:06 +0200 |
commit | 666c135b2d859a00ee74c8645b2affacfae45421 (patch) | |
tree | de406f03ecfdcb5451f32266f745667bc0fb2848 /drivers/s390/net/qeth_core.h | |
parent | net: dcb: choose correct policy to parse DCB_ATTR_BCN (diff) | |
parent | net: tap_open(): set sk_uid from current_fsuid() (diff) | |
download | linux-666c135b2d859a00ee74c8645b2affacfae45421.tar.xz linux-666c135b2d859a00ee74c8645b2affacfae45421.zip |
Merge branch 'tun-tap-uid'
Laszlo Ersek says:
====================
tun/tap: set sk_uid from current_fsuid()
The original patches fixing CVE-2023-1076 are incorrect in my opinion.
This small series fixes them up; see the individual commit messages for
explanation.
I have a very elaborate test procedure demonstrating the problem for
both tun and tap; it involves libvirt, qemu, and "crash". I can share
that procedure if necessary, but it's indeed quite long (I wrote it
originally for our QE team).
The patches in this series are supposed to "re-fix" CVE-2023-1076; given
that said CVE is classified as Low Impact (CVSSv3=5.5), I'm posting this
publicly, and not suggesting any embargo. Red Hat Product Security may
assign a new CVE number later.
I've tested the patches on top of v6.5-rc4, with "crash" built at commit
c74f375e0ef7.
Cc: Eric Dumazet <edumazet@google.com>
Cc: Lorenzo Colitti <lorenzo@google.com>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Pietro Borrello <borrello@diag.uniroma1.it>
Cc: netdev@vger.kernel.org
Cc: stable@vger.kernel.org
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/s390/net/qeth_core.h')
0 files changed, 0 insertions, 0 deletions