CVE-2023-52700
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/05/2024
Last modified: 19/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

tipc: fix kernel warning when sending SYN message

When sending a SYN message, this kernel stack trace is observed:

...
[ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550
...
[ 13.398494] Call Trace:
[ 13.398630]
[ 13.398630] ? __alloc_skb+0xed/0x1a0
[ 13.398630] tipc_msg_build+0x12c/0x670 [tipc]
[ 13.398630] ? shmem_add_to_page_cache.isra.71+0x151/0x290
[ 13.398630] __tipc_sendmsg+0x2d1/0x710 [tipc]
[ 13.398630] ? tipc_connect+0x1d9/0x230 [tipc]
[ 13.398630] ? __local_bh_enable_ip+0x37/0x80
[ 13.398630] tipc_connect+0x1d9/0x230 [tipc]
[ 13.398630] ? __sys_connect+0x9f/0xd0
[ 13.398630] __sys_connect+0x9f/0xd0
[ 13.398630] ? preempt_count_add+0x4d/0xa0
[ 13.398630] ? fpregs_assert_state_consistent+0x22/0x50
[ 13.398630] __x64_sys_connect+0x16/0x20
[ 13.398630] do_syscall_64+0x42/0x90
[ 13.398630] entry_SYSCALL_64_after_hwframe+0x63/0xcd

It is because commit a41dad905e5a ("iov_iter: saner checks for attempt
to copy to/from iterator") has introduced a sanity check for copying
from/to an iov iterator. Lack of a copy direction from the iterator
viewpoint would lead to a kernel stack trace like the one above.

This commit fixes this issue by initializing the iov iterator with
the correct copy direction when sending SYN or ACK without data.
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.0 (including) | 6.1.13 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.2:rc7:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.2:rc8:*:*:*:*:*:* | | |
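
A triage aid for this record, added here as an example and not part of the CVE entry or the kernel patch: it checks a `uname -r` string against the version ranges in the CPE table above and scans dmesg-style text for the trace signature quoted in the description. The function names and the plain `[ timestamp ] frame` line format are assumptions.

```python
import re

# Affected ranges as listed in the CPE table on this page.
_INF = float("inf")                             # a final release sorts after its -rc builds
_RANGE = ((4, 0, 0, _INF), (6, 1, 13, _INF))    # 4.0 (including) .. 6.1.13 (excluding)
_RC_LOW, _RC_HIGH = (6, 2, 0, 1), (6, 2, 0, 8)  # 6.2-rc1 .. 6.2-rc8
_REL = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")
_FRAME = re.compile(r"^\[\s*\d+\.\d+\]\s+(\?\s+)?(\w[\w.]*)\+0x")
_RIP = re.compile(r"RIP: \w+:([\w.]+)\+0x")


def version_in_affected_range(release):
    """First-pass check of a `uname -r` string against the page's CPE ranges.
    Distribution kernels may carry a backported fix, so confirm with the vendor."""
    m = _REL.match(release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    v = (int(major), int(minor), int(patch or 0), int(rc) if rc else _INF)
    return _RANGE[0] <= v < _RANGE[1] or _RC_LOW <= v <= _RC_HIGH


def has_tipc_syn_warning(log_text):
    """True if a report has RIP in _copy_from_iter and tipc_msg_build as a
    reliable (non-'?') caller, the signature quoted in the description."""
    rip_hit, frames = False, set()
    for line in log_text.splitlines():
        rip = _RIP.search(line)
        if rip:                             # a new report starts: reset state
            rip_hit, frames = rip.group(1) == "_copy_from_iter", set()
            continue
        fr = _FRAME.match(line)
        if fr and not fr.group(1):          # skip '?' frames (stale stack entries)
            frames.add(fr.group(2))
        if rip_hit and "tipc_msg_build" in frames:
            return True
    return False


# Lines copied from the trace in the description on this page.
PAGE_TRACE = """\
[ 13.396352] RIP: 0010:_copy_from_iter+0xb4/0x550
[ 13.398494] Call Trace:
[ 13.398630] ? __alloc_skb+0xed/0x1a0
[ 13.398630] tipc_msg_build+0x12c/0x670 [tipc]
[ 13.398630] __tipc_sendmsg+0x2d1/0x710 [tipc]
[ 13.398630] tipc_connect+0x1d9/0x230 [tipc]
"""
```

A version match is only a starting point; the log signature shows whether the warning has actually fired on the host.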



