CVE-2022-48711

Severity CVSS v4.0: Pending analysis
Type: CWE-787 Out-of-bounds Write
Publication date: 20/06/2024
Last modified: 17/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

tipc: improve size validations for received domain records

The function tipc_mon_rcv() allows a node to receive and process domain_record structs from peer nodes to track their views of the network topology.

This patch verifies that the number of members in a received domain record does not exceed the limit defined by MAX_MON_DOMAIN, something that may otherwise lead to a stack overflow.

tipc_mon_rcv() is called from the function tipc_link_proto_rcv(), where we are reading a 32 bit message data length field into a uint16. To avert any risk of bit overflow, we add an extra sanity check for this in that function. We cannot see that happen with the current code, but future designers being unaware of this risk, may introduce it by allowing delivery of very large (> 64k) sk buffers from the bearer layer. This potential problem was identified by Eric Dumazet.

This fixes CVE-2022-0435
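The two validations the description names (member count bounded by MAX_MON_DOMAIN, and a 32-bit length that must not be truncated into 16 bits) can be modelled in user space as below. This is an added example, not the kernel patch: the struct layout, host byte order, the value 64 for MAX_MON_DOMAIN and the names `domain_record_rcv`, `rec_len` and `try_record` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MON_DOMAIN 64 /* assumed value for this example */

/* Simplified model of a domain record; layout and host byte order are assumptions. */
struct domain_record {
    uint16_t len;        /* total record length claimed by the sender */
    uint16_t member_cnt; /* entries used in members[] */
    uint32_t members[MAX_MON_DOMAIN];
};
#define REC_HDR_LEN offsetof(struct domain_record, members)

static size_t rec_len(uint16_t cnt) { return REC_HDR_LEN + (size_t)cnt * sizeof(uint32_t); }

/* Copy a received record into *out. Returns 0 if accepted, -1 if rejected. */
int domain_record_rcv(const uint8_t *data, uint32_t msg_dlen, struct domain_record *out)
{
    uint16_t dlen, claimed_len, member_cnt;

    if (msg_dlen > UINT16_MAX) /* 32-bit length must not be truncated into 16 bits */
        return -1;
    dlen = (uint16_t)msg_dlen;
    if (dlen < REC_HDR_LEN)    /* header must be present before its fields are read */
        return -1;
    memcpy(&claimed_len, data, sizeof(claimed_len));
    memcpy(&member_cnt, data + sizeof(claimed_len), sizeof(member_cnt));
    if (member_cnt > MAX_MON_DOMAIN) /* bound the count by the fixed array size */
        return -1;
    if (dlen != rec_len(member_cnt) || claimed_len != dlen) /* lengths must agree */
        return -1;
    memset(out, 0, sizeof(*out));
    memcpy(out, data, dlen); /* dlen <= sizeof(*out) is guaranteed by the checks above */
    return 0;
}

/* Build a constructed record header and feed it to the receiver. */
int try_record(uint16_t member_cnt, uint32_t msg_dlen)
{
    struct domain_record wire = { .len = (uint16_t)msg_dlen, .member_cnt = member_cnt };
    struct domain_record out;
    return domain_record_rcv((const uint8_t *)&wire, msg_dlen, &out);
}

int main(void)
{
    printf("valid=%d oversized=%d wrapped=%d\n", try_record(3, 16),
           try_record(MAX_MON_DOMAIN + 1, 264), try_record(2, 65536 + 12));
    return 0;
}
```

The third case shows why the length check comes first: 65548 truncated to 16 bits is 12, which would match a two-member record exactly if the 32-bit value were narrowed before being validated.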

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.8 (including) 4.9.301 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.10 (including) 4.14.266 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.15 (including) 4.19.229 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.179 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.100 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.23 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 5.16.9 (excluding)
cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:*