CVE-2023-53462

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> hsr: Fix uninit-value access in fill_frame_info()<br /> <br /> Syzbot reports the following uninit-value access problem.<br /> <br /> =====================================================<br /> BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:601 [inline]<br /> BUG: KMSAN: uninit-value in hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616<br /> fill_frame_info net/hsr/hsr_forward.c:601 [inline]<br /> hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616<br /> hsr_dev_xmit+0x192/0x330 net/hsr/hsr_device.c:223<br /> __netdev_start_xmit include/linux/netdevice.h:4889 [inline]<br /> netdev_start_xmit include/linux/netdevice.h:4903 [inline]<br /> xmit_one net/core/dev.c:3544 [inline]<br /> dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3560<br /> __dev_queue_xmit+0x34d0/0x52a0 net/core/dev.c:4340<br /> dev_queue_xmit include/linux/netdevice.h:3082 [inline]<br /> packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276<br /> packet_snd net/packet/af_packet.c:3087 [inline]<br /> packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119<br /> sock_sendmsg_nosec net/socket.c:730 [inline]<br /> sock_sendmsg net/socket.c:753 [inline]<br /> __sys_sendto+0x781/0xa30 net/socket.c:2176<br /> __do_sys_sendto net/socket.c:2188 [inline]<br /> __se_sys_sendto net/socket.c:2184 [inline]<br /> __ia32_sys_sendto+0x11f/0x1c0 net/socket.c:2184<br /> do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]<br /> __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178<br /> do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203<br /> do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246<br /> entry_SYSENTER_compat_after_hwframe+0x70/0x82<br /> <br /> Uninit was created at:<br /> slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767<br /> slab_alloc_node mm/slub.c:3478 [inline]<br /> kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523<br /> kmalloc_reserve+0x148/0x470 net/core/skbuff.c:559<br /> __alloc_skb+0x318/0x740 net/core/skbuff.c:644<br /> alloc_skb include/linux/skbuff.h:1286 [inline]<br /> alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6299<br /> sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2794<br /> packet_alloc_skb net/packet/af_packet.c:2936 [inline]<br /> packet_snd net/packet/af_packet.c:3030 [inline]<br /> packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119<br /> sock_sendmsg_nosec net/socket.c:730 [inline]<br /> sock_sendmsg net/socket.c:753 [inline]<br /> __sys_sendto+0x781/0xa30 net/socket.c:2176<br /> __do_sys_sendto net/socket.c:2188 [inline]<br /> __se_sys_sendto net/socket.c:2184 [inline]<br /> __ia32_sys_sendto+0x11f/0x1c0 net/socket.c:2184<br /> do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]<br /> __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178<br /> do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203<br /> do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246<br /> entry_SYSENTER_compat_after_hwframe+0x70/0x82<br /> <br /> It is because VLAN not yet supported in hsr driver. Return error<br /> when protocol is ETH_P_8021Q in fill_frame_info() now to fix it.