Re: [PATCH v1] xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH

From: Lin Ma
Date: Wed Jul 26 2023 - 09:33:13 EST


Hello Leon,

>
> This CVE is a joke, you need to be root to execute this attack.
>

Not really, this call routine only checks

    if (!netlink_net_capable(skb, CAP_NET_ADMIN))
        return -EPERM;

and any user in most vendor kernels can create a network namespace to
get such a privilege and trigger this bug.

> Anyway change is ok.
> Reviewed-by: Leon Romanovsky <leonro@xxxxxxxxxx>

Regards
Lin
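
The reachability argument in the reply above, turned into a host check. This is an added example, not part of the original message or the kernel tree. The function names are hypothetical; `user.max_user_namespaces` and `user.max_net_namespaces` are mainline sysctls, and `kernel.unprivileged_userns_clone` is assumed to be present only on Debian/Ubuntu-patched kernels.

```shell
#!/bin/sh
# Added example: can an unprivileged user on this host obtain CAP_NET_ADMIN
# inside a fresh network namespace, and so pass netlink_net_capable()?
# Creating a netns without privilege requires creating a user namespace first,
# so the sysctls that gate user/net namespace creation decide the answer.
# Limits: LSM policy (AppArmor, SELinux) and seccomp filters are not inspected.

# read_sysctl ROOT NAME -> prints the value, or "absent" if the file is missing
read_sysctl() {
    if [ -r "$1/$2" ]; then
        tr -d ' \n' < "$1/$2"
    else
        printf 'absent'
    fi
}

# userns_netadmin_reachable [ROOT]
# ROOT defaults to /proc/sys; a different tree can be passed for offline review.
# Prints reachable | blocked:<reason> | unknown:<reason>; returns 0 | 1 | 2.
userns_netadmin_reachable() {
    root="${1:-/proc/sys}"
    max_user=$(read_sysctl "$root" user/max_user_namespaces)
    max_net=$(read_sysctl "$root" user/max_net_namespaces)
    clone=$(read_sysctl "$root" kernel/unprivileged_userns_clone)

    if [ "$max_user" = absent ]; then
        echo "unknown:user.max_user_namespaces missing"; return 2
    fi
    if [ "$max_user" = 0 ]; then
        echo "blocked:user.max_user_namespaces=0"; return 1
    fi
    if [ "$max_net" = 0 ]; then
        echo "blocked:user.max_net_namespaces=0"; return 1
    fi
    # Distribution-specific switch; absent on mainline kernels.
    if [ "$clone" = 0 ]; then
        echo "blocked:kernel.unprivileged_userns_clone=0"; return 1
    fi
    echo "reachable"
}

# Usage on a live host: userns_netadmin_reachable
```

A "reachable" result means the CAP_NET_ADMIN check quoted above does not restrict the code path to host root on that machine.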