CVE-2021-47241

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ethtool: strset: fix message length calculation<br /> <br /> Outer nest for ETHTOOL_A_STRSET_STRINGSETS is not accounted for.<br /> This may result in ETHTOOL_MSG_STRSET_GET producing a warning like:<br /> <br /> calculated message payload length (684) not sufficient<br /> WARNING: CPU: 0 PID: 30967 at net/ethtool/netlink.c:369 ethnl_default_doit+0x87a/0xa20<br /> <br /> and a splat.<br /> <br /> As usually with such warnings three conditions must be met for the warning<br /> to trigger:<br /> - there must be no skb size rounding up (e.g. reply_size of 684);<br /> - string set must be per-device (so that the header gets populated);<br /> - the device name must be at least 12 characters long.<br /> <br /> all in all with current user space it looks like reading priv flags<br /> is the only place this could potentially happen. Or with syzbot :)