cve/published/2023/CVE-2023-53040.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.1.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2023-53040: ca8210: fix mac_len negative array access

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 ca8210: fix mac_len negative array access

 This patch fixes a buffer overflow access of skb->data if
 ieee802154_hdr_peek_addrs() fails.

 The Linux kernel CVE team has assigned CVE-2023-53040 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 4.14.312 with commit 55d836f75778d2e2cafe37e023f9c106400bad4b
 	Fixed in 4.19.280 with commit 5da4469a7aa011de614c3e2ae383c35a353a382e
 	Fixed in 5.4.240 with commit d2b3bd0d4cadfdb7f3454d2aef9d5d9e8b48aae4
 	Fixed in 5.10.177 with commit 7df72bedbdd1d02bb216e1f6eca0a16900238c4e
 	Fixed in 5.15.105 with commit d143e327c97241599c958d1ba9fbaa88c37db721
 	Fixed in 6.1.22 with commit fd176a18db96d574d8c4763708abcec4444a08b6
 	Fixed in 6.2.9 with commit 918944526a386f186dd818ea6b0bcbed75d8c16b
 	Fixed in 6.3 with commit 6c993779ea1d0cccdb3a5d7d45446dd229e610a3

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2023-53040
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/ieee802154/ca8210.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/55d836f75778d2e2cafe37e023f9c106400bad4b
 	https://git.kernel.org/stable/c/5da4469a7aa011de614c3e2ae383c35a353a382e
 	https://git.kernel.org/stable/c/d2b3bd0d4cadfdb7f3454d2aef9d5d9e8b48aae4
 	https://git.kernel.org/stable/c/7df72bedbdd1d02bb216e1f6eca0a16900238c4e
 	https://git.kernel.org/stable/c/d143e327c97241599c958d1ba9fbaa88c37db721
 	https://git.kernel.org/stable/c/fd176a18db96d574d8c4763708abcec4444a08b6
 	https://git.kernel.org/stable/c/918944526a386f186dd818ea6b0bcbed75d8c16b
 	https://git.kernel.org/stable/c/6c993779ea1d0cccdb3a5d7d45446dd229e610a3
	From bippy-1.1.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2023-53040: ca8210: fix mac_len negative array access

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	ca8210: fix mac_len negative array access

	This patch fixes a buffer overflow access of skb->data if
	ieee802154_hdr_peek_addrs() fails.

	The Linux kernel CVE team has assigned CVE-2023-53040 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 4.14.312 with commit 55d836f75778d2e2cafe37e023f9c106400bad4b
	Fixed in 4.19.280 with commit 5da4469a7aa011de614c3e2ae383c35a353a382e
	Fixed in 5.4.240 with commit d2b3bd0d4cadfdb7f3454d2aef9d5d9e8b48aae4
	Fixed in 5.10.177 with commit 7df72bedbdd1d02bb216e1f6eca0a16900238c4e
	Fixed in 5.15.105 with commit d143e327c97241599c958d1ba9fbaa88c37db721
	Fixed in 6.1.22 with commit fd176a18db96d574d8c4763708abcec4444a08b6
	Fixed in 6.2.9 with commit 918944526a386f186dd818ea6b0bcbed75d8c16b
	Fixed in 6.3 with commit 6c993779ea1d0cccdb3a5d7d45446dd229e610a3

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-53040
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/ieee802154/ca8210.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/55d836f75778d2e2cafe37e023f9c106400bad4b
	https://git.kernel.org/stable/c/5da4469a7aa011de614c3e2ae383c35a353a382e
	https://git.kernel.org/stable/c/d2b3bd0d4cadfdb7f3454d2aef9d5d9e8b48aae4
	https://git.kernel.org/stable/c/7df72bedbdd1d02bb216e1f6eca0a16900238c4e
	https://git.kernel.org/stable/c/d143e327c97241599c958d1ba9fbaa88c37db721
	https://git.kernel.org/stable/c/fd176a18db96d574d8c4763708abcec4444a08b6
	https://git.kernel.org/stable/c/918944526a386f186dd818ea6b0bcbed75d8c16b
	https://git.kernel.org/stable/c/6c993779ea1d0cccdb3a5d7d45446dd229e610a3