CVE-2023-53133
bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser()
References
Notes
carnil> Introduced in 1f5be6b3b063 ("udp: Implement udp_bpf_recvmsg() for sockmap")
carnil> 9825d866ce0d ("af_unix: Implement unix_dgram_bpf_recvmsg()")
carnil> c5d2177a72a1 ("bpf, sockmap: Fix race in ingress receive verdict with redirect
carnil> to self")
carnil> 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface"). Vulnerable
carnil> versions: 4.20.
Bugs
Status
| Branch |
Status |
| upstream |
released (6.3-rc2) [d900f3d20cc3169ce42ec72acc850e662a4d4db2]
|
| 6.18-upstream-stable |
N/A "Fixed before branching point"
|
| 6.17-upstream-stable |
N/A "Fixed before branching point"
|
| 6.14-upstream-stable |
N/A "Fixed before branching point"
|
| 6.12-upstream-stable |
N/A "Fixed before branching point"
|
| 6.6-upstream-stable |
N/A "Fixed before branching point"
|
| 6.1-upstream-stable |
released (6.1.20) [f45cf3ae3068e70e2c7f3e24a7f8e8aa99511f03]
|
| 5.10-upstream-stable |
needed
|
| sid |
released (6.1.20-1)
|
| 6.12-trixie-security |
N/A "Fixed before branching point"
|
| 6.1-bookworm-security |
N/A "Fixed before branching point"
|
| 5.10-bullseye-security |
needed
|
