dpdk/0486-CVE-2024-11614-net-virtio-fix-Rx-checksum-calculation.patch
jiangheng 3cd268223a fix CVE-2024-11614
(cherry picked from commit 0a6798b3ea9bc4e9992610381437a61aaeefed32)
2024-12-25 14:41:52 +08:00

From e9c0ad133242c0bcb7801d2590e8bb5f7ac4ebfd Mon Sep 17 00:00:00 2001
From: Olivier Matz <olivier.matz@6wind.com>
Date: Thu, 28 Nov 2024 12:09:56 +0100
Subject: net/virtio: fix Rx checksum calculation

If hdr->csum_start is larger than packet length, the len argument passed
to rte_raw_cksum_mbuf() overflows and causes a segmentation fault.
Ignore checksum computation in this case.

CVE-2024-11614

Fixes: ca7036b4af3a ("vhost: fix offload flags in Rx path")
Signed-off-by: Maxime Gouin <maxime.gouin@6wind.com>
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
---
lib/vhost/virtio_net.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
index 9f74a3c997..5f446eaabf 100644
--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
@@ -2261,6 +2261,9 @@ vhost_dequeue_offload(struct virtio_net_hdr *hdr, struct rte_mbuf *m,
*/
uint16_t csum = 0, off;
+ if (hdr->csum_start >= rte_pktmbuf_pkt_len(m))
+ return;
+
if (rte_raw_cksum_mbuf(m, hdr->csum_start,
rte_pktmbuf_pkt_len(m) - hdr->csum_start, &csum) < 0)
return;
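Review bot: the new guard `if (hdr->csum_start >= rte_pktmbuf_pkt_len(m))` returns silently and carries no comment, so a later reader cannot tell from the code why it must come before the `rte_raw_cksum_mbuf()` call. Suggest a one-line comment saying that it keeps the length argument `rte_pktmbuf_pkt_len(m) - hdr->csum_start` from wrapping around when the header value is past the end of the packet, which is the failure the commit message describes. Since an out-of-range `csum_start` means the virtio-net header is malformed, a debug-level log or a counter on this path would also make such headers visible to operators instead of only skipping the checksum. Separately, the guard bounds `csum_start` alone; the hunk declares `off` next to `csum` but does not show how it is used, so it is worth confirming that any later access at an offset derived from the header is bounds-checked against the mbuf as well.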
--
cgit v1.2.3