Files · a708044d35ab7c26ccbeeded1548a0434e7d9a63 · staging / src-code / el9-upstream-kernel

An error occurred while fetching folder content.
Merge: CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation
Augusto Caringi authored 3 weeks ago
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/6472

JIRA: https://issues.redhat.com/browse/RHEL-81462


CVE: CVE-2025-21787

```
commit 5bef3ac184b5626ea62385d6b82a1992b89d7940
Author: Eric Dumazet <edumazet@google.com>
Date:   Wed Feb 12 13:49:28 2025 +0000

    team: better TEAM_OPTION_TYPE_STRING validation

    syzbot reported following splat [1]

    Make sure user-provided data contains one nul byte.

    [1]
     BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline]
     BUG: KMSAN: uninit-value in string+0x3ec/0x5f0 lib/vsprintf.c:714
      string_nocheck lib/vsprintf.c:633 [inline]
      string+0x3ec/0x5f0 lib/vsprintf.c:714
      vsnprintf+0xa5d/0x1960 lib/vsprintf.c:2843
      __request_module+0x252/0x9f0 kernel/module/kmod.c:149
      team_mode_get drivers/net/team/team_core.c:480 [inline]
      team_change_mode drivers/net/team/team_core.c:607 [inline]
      team_mode_option_set+0x437/0x970 drivers/net/team/team_core.c:1401
      team_option_set drivers/net/team/team_core.c:375 [inline]
      team_nl_options_set_doit+0x1339/0x1f90 drivers/net/team/team_core.c:2662
      genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
      genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
      genl_rcv_msg+0x1214/0x12c0 net/netlink/genetlink.c:1210
      netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2543
      genl_rcv+0x40/0x60 net/netlink/genetlink.c:1219
      netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]
      netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1348
      netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1892
      sock_sendmsg_nosec net/socket.c:718 [inline]
      __sock_sendmsg+0x30f/0x380 net/socket.c:733
      ____sys_sendmsg+0x877/0xb60 net/socket.c:2573
      ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2627
      __sys_sendmsg net/socket.c:2659 [inline]
      __do_sys_sendmsg net/socket.c:2664 [inline]
      __se_sys_sendmsg net/socket.c:2662 [inline]
      __x64_sys_sendmsg+0x212/0x3c0 net/socket.c:2662
      x64_sys_call+0x2ed6/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:47
      do_syscall_x64 arch/x86/entry/common.c:52 [inline]
      do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
     entry_SYSCALL_64_after_hwframe+0x77/0x7f

    Fixes: 3d249d4c ("net: introduce ethernet teaming device")
Reported-by:  <syzbot+1fcd957a82e3a1baa94d@syzkaller.appspotmail.com>
    Closes: https://syzkaller.appspot.com/bug?extid=1fcd957a82e3a1baa94d


Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
    Link: https://patch.msgid.link/20250212134928.1541609-1-edumazet@google.com


Signed-off-by: Jakub Kicinski <kuba@kernel.org&gt;```>

Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com>

---

<small>Created 2025-02-27 22:22 UTC by backporter - [KWF FAQ](https://red.ht/kernel_workflow_doc) - [Slack #team-kernel-workflow](https://redhat-internal.slack.com/archives/C04LRUPMJQ5) - [Source](https://gitlab.com/cki-project/kernel-workflow/-/blob/main/webhook/utils/backporter.py) - [Documentation](https://gitlab.com/cki-project/kernel-workflow/-/blob/main/docs/README.backporter.md) - [Report an issue](https://gitlab.com/cki-project/kernel-workflow/-/issues/new?issue%5Btitle%5D=backporter%20webhook%20issue)</small

>

Approved-by: Guillaume Nault <gnault@redhat.com>
Approved-by: Florian Westphal <fwestpha@redhat.com>
Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>

Merged-by: Augusto Caringi <acaringi@redhat.com>
a708044d
History
a708044d 3 weeks ago
History
Name	Last commit	Last update