kernel_samsung_a53x/net
Ryosuke Yasuoka 3e5960ae27 nfc: nci: Fix uninit-value in nci_rx_work
[ Upstream commit e4a87abf588536d1cdfb128595e6e680af5cf3ed ]

syzbot reported the following uninit-value access issue [1]

nci_rx_work() parses the received packet from ndev->rx_q. It should
validate the header size, payload size and total packet size before
processing the packet. If an invalid packet is detected, it should be
silently discarded.

Fixes: d24b03535e5e ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet")
Reported-and-tested-by: syzbot+d7b4dc6cd50410152534@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d7b4dc6cd50410152534 [1]
Signed-off-by: Ryosuke Yasuoka <ryasuoka@redhat.com>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-19 12:27:09 +01:00
..
6lowpan
9p
802
8021q vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING 2024-11-18 12:13:00 +01:00
appletalk
atm
ax25
batman-adv batman-adv: Avoid infinite loop trying to resize local TT 2024-11-19 11:32:19 +01:00
bluetooth Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout 2024-11-19 11:32:45 +01:00
bpf
bpfilter
bridge net: bridge: fix multicast-to-unicast with fraglist GSO 2024-11-19 11:32:43 +01:00
caif
can can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) 2024-11-18 12:13:33 +01:00
ceph
core net: give more chances to rcu in netdev_wait_allrefs_any() 2024-11-19 12:26:55 +01:00
dcb
dccp
decnet
dns_resolver
dsa
ethernet ethernet: Add helper for assigning packet type when dest address does not match device address 2024-11-19 11:32:39 +01:00
ethtool ethtool: netlink: Add missing ethnl_ops_begin/complete 2024-11-18 12:12:51 +01:00
hsr hsr: Handle failures in module init 2024-11-19 08:44:59 +01:00
ieee802154
ife
ipv4 tcp: avoid premature drops in tcp_add_backlog() 2024-11-19 12:26:55 +01:00
ipv6 ipv6: sr: fix invalid unregister error path 2024-11-19 12:26:57 +01:00
iucv net/iucv: fix the allocation size of iucv_path_table array 2024-11-19 08:44:36 +01:00
kcm net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function 2024-11-19 08:44:50 +01:00
key
l2tp net l2tp: drop flow hash on forward 2024-11-19 11:32:42 +01:00
l3mdev
lapb
llc llc: call sock_orphan() at release time 2024-11-18 12:13:22 +01:00
mac80211 kcov: Remove kcov include from sched.h and move it to its users. 2024-11-19 11:32:46 +01:00
mac802154 mac802154: fix llsec key resources release in mac802154_llsec_key_del 2024-11-19 09:22:33 +01:00
mpls
mptcp mptcp: ensure snd_nxt is properly initialized on connect 2024-11-19 12:26:50 +01:00
ncm
ncsi
netfilter netfilter: nf_tables: honor table dormant flag from netdev release event path 2024-11-19 11:32:37 +01:00
netlabel
netlink netlink: annotate lockless accesses to nlk->max_recvmsg_len 2024-11-19 12:26:38 +01:00
netrom netrom: fix possible dead-lock in nr_rt_ioctl() 2024-11-19 12:27:00 +01:00
nfc nfc: nci: Fix uninit-value in nci_rx_work 2024-11-19 12:27:09 +01:00
nsh nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). 2024-11-19 11:32:42 +01:00
openvswitch net: openvswitch: fix overwriting ct original tuple for ICMPv6 2024-11-19 12:26:57 +01:00
packet af_packet: do not call packet_read_pending() from tpacket_destruct_skb() 2024-11-19 12:27:00 +01:00
phonet phonet: fix rtm_phonet_notify() skb allocation 2024-11-19 11:32:46 +01:00
psample
qrtr
rds net/rds: fix possible cp null dereference 2024-11-19 09:22:45 +01:00
rfkill
rose
rxrpc rxrpc: Fix response to PING RESPONSE ACKs to a dead call 2024-11-18 12:13:25 +01:00
sched net/sched: act_skbmod: prevent kernel-infoleak 2024-11-19 09:22:46 +01:00
sctp
skb_tracer
smc net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() 2024-11-19 09:23:13 +01:00
strparser
sunrpc SUNRPC: Fix gss_free_in_token_pages() 2024-11-19 12:26:59 +01:00
switchdev
tipc tipc: fix UAF in error path 2024-11-19 11:32:48 +01:00
tls tls: stop recv() if initial process_rx_list gave us non-DATA 2024-11-18 22:25:42 +01:00
unix af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg 2024-11-19 12:26:57 +01:00
vmw_vsock
wimax
wireless wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class 2024-11-19 12:26:51 +01:00
x25 net/x25: fix incorrect parameter validation in the x25_getsockopt() function 2024-11-19 08:44:50 +01:00
xdp xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING 2024-11-19 11:32:19 +01:00
xfrm xfrm: Preserve vlan tags for transport mode software GRO 2024-11-19 11:32:45 +01:00
compat.c
devres.c
Kconfig
Makefile
socket.c
sysctl_net.c
TEST_MAPPING