ALAS-2017-811 ---- kernel perfID: oval:org.secpod.oval:def:1600521 | Date: (C)2017-04-03 (M)2023-12-20 |
Class: PATCH | Family: unix |
The skbs processed by ip_cmsg_recv are not guaranteed to be linear . Using csum_partial on potentially the whole skb len is dangerous; instead be on the safe side and use skb_checksum. This may lead to an infoleak as the kernel memory may be checksummed and sent as part of the packet. It was discovered that xfrm_replay_verify_len, as called by xfrm_new_ae, did not verify that the user-specified replay_window was within the replay state buffer. This allowed for out-of-bounds reads and writes of kernel memory.
Platform: |
Amazon Linux AMI |