Re: [PATCH net] net: hsr: fix potential OOB access in supervision frame handling

Next message: David Laight: "Re: [PATCH net] vsock/virtio: fix skb overhead overflow on 32-bit builds"
Previous message: Luka Gejak: "Re: [PATCH v7] staging: rtl8723bs: fix remote heap info disclosure and OOB reads"
In reply to: luka . gejak: "[PATCH net] net: hsr: fix potential OOB access in supervision frame handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Fernando Fernandez Mancera

Date: Sat May 23 2026 - 12:34:15 EST

On 5/23/26 3:03 PM, luka.gejak@xxxxxxxxx wrote:

From: Luka Gejak <luka.gejak@xxxxxxxxx>

Ensure the entire TLV header is linearized before access by adding
sizeof(struct hsr_sup_tlv) to the pskb_may_pull() calls. Without this,
a truncated frame could cause an out-of-bounds access.

Assisted-by: Gemini:Gemini-3.1-flash
Fixes: eafaa88b3eb7 ("net: hsr: Add support for redbox supervision frames")
Signed-off-by: Luka Gejak <luka.gejak@xxxxxxxxx>

Reviewed-by: Fernando Fernandez Mancera <fmancera@xxxxxxx>

Thanks!