On Mon, 31 Jul 2023 18:42:35 +0200 Laszlo Ersek wrote:
> The original patches fixing CVE-2023-1076 are incorrect in my opinion. This small series fixes them up; see the individual commit messages for explanation.
>
> I have a very elaborate test procedure demonstrating the problem for both tun and tap; it involves libvirt, qemu, and "crash". I can share that procedure if necessary, but it's indeed quite long (I wrote it originally for our QE team).
>
> The patches in this series are supposed to "re-fix" CVE-2023-1076; given that said CVE is classified as Low Impact (CVSSv3=5.5), I'm posting this publicly, and not suggesting any embargo. Red Hat Product Security may assign a new CVE number later.
>
> I've tested the patches on top of v6.5-rc4, with "crash" built at commit c74f375e0ef7.
FTR this was applied yesterday to net. Thanks!