Re: [PATCH v1] xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH

From: Leon Romanovsky
Date: Sun Jul 30 2023 - 07:02:03 EST

Next message: Mike Galbraith: "Re: arm64: perf test 26 rpi4 oops"
Previous message: Zhu Yanjun: "Re: [PATCH 03/13] scatterlist: Add sg_set_folio()"
In reply to: Lin Ma: "Re: [PATCH v1] xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jul 26, 2023 at 09:32:43PM +0800, Lin Ma wrote:
> Hello Leon,
>
> >
> > This CVE is a joke, you need to be root to execute this attack.
> >
>
> Not really, this call routine only checks
>
> if (!netlink_net_capable(skb, CAP_NET_ADMIN))
> return -EPERM;
>
> and any users in most vendor kernel can create a network namespace to
> get such privilege and trigger this bug.

ok, fair enough.

>
> > Anyway change is ok.
> > Reviewed-by: Leon Romanovsky <leonro@xxxxxxxxxx>
>
> Regards
> Lin

Next message: Mike Galbraith: "Re: arm64: perf test 26 rpi4 oops"
Previous message: Zhu Yanjun: "Re: [PATCH 03/13] scatterlist: Add sg_set_folio()"
In reply to: Lin Ma: "Re: [PATCH v1] xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]