CVE-2021-47496

Severity CVSS v4.0: Pending analysis
Type: CWE-787 Out-of-bounds Write
Publication date: 22/05/2024
Last modified: 24/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

net/tls: Fix flipped sign in tls_err_abort() calls

sk->sk_err appears to expect a positive value, a convention that ktls
doesn't always follow and that leads to memory corruption in other code.
For instance,

    [kworker]
    tls_encrypt_done(..., err=)
      tls_err_abort(.., err)
        sk->sk_err = err;

    [task]
    splice_from_pipe_feed
      ...
        tls_sw_do_sendpage
          if (sk->sk_err) {
            ret = -sk->sk_err; // ret is positive

    splice_from_pipe_feed (continued)
      ret = actor(...) // ret is still positive and interpreted as bytes
                       // written, resulting in underflow of buf->len and
                       // sd->len, leading to huge buf->offset and bogus
                       // addresses computed in later calls to actor()

Fix all tls_err_abort() callers to pass a negative error code
consistently and centralize the error-prone sign flip there, throwing in
a warning to catch future misuse and uninlining the function so it
really does only warn once.
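
The sign mix-up described above, as an added example: a simplified user-space C model, not the kernel's code. The struct and function names are hypothetical stand-ins, and -EBADMSG on a 16-byte buffer is a constructed sample input.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified user-space model; all names are hypothetical stand-ins. */
struct sock_model { int sk_err; };
struct buf_model { unsigned int offset, len; };

/* Before the fix: the caller's negative errno is stored unchanged. */
static void err_abort_before(struct sock_model *sk, int err) { sk->sk_err = err; }

/* After the fix: callers pass a negative errno and the flip lives here. */
static void err_abort_after(struct sock_model *sk, int err) { sk->sk_err = -err; }

/* Send path: -sk_err is a valid error return only if sk_err is positive. */
static long send_actor(const struct sock_model *sk, unsigned int want)
{
    return sk->sk_err ? -(long)sk->sk_err : (long)want;
}

/* Splice-style feed step: any ret > 0 is treated as bytes written. */
static long feed_step(const struct sock_model *sk, struct buf_model *buf)
{
    long ret = send_actor(sk, buf->len);
    if (ret <= 0)
        return ret;
    buf->offset += (unsigned int)ret;
    buf->len -= (unsigned int)ret;   /* wraps when ret > buf->len */
    return ret;
}

/* Run one feed step on a 16-byte buffer after a constructed -EBADMSG. */
static long run_model(int fixed, struct buf_model *buf)
{
    struct sock_model sk = { 0 };
    *buf = (struct buf_model){ 0, 16 };
    (fixed ? err_abort_after : err_abort_before)(&sk, -EBADMSG);
    return feed_step(&sk, buf);
}

int main(void)
{
    struct buf_model b;
    long r = run_model(0, &b);
    printf("before: ret=%ld offset=%u len=%u\n", r, b.offset, b.len);
    r = run_model(1, &b);
    printf("after:  ret=%ld offset=%u len=%u\n", r, b.offset, b.len);
    return 0;
}
```

In the "before" run the error comes back as a positive byte count and `len` wraps to a value near the unsigned maximum; in the "after" run the step returns a negative error and the buffer bookkeeping is untouched.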

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.17 (including) | 5.4.157 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.77 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.14.16 (excluding)
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:5.15:rc6:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:5.15:rc7:*:*:*:*:*:* | |