Re: [PATCH 4.14 0/1] ipv4: backport fix for CVE-2021-20322

29 Oct 2021

      On Fri, Oct 29, 2021 at 05:54:17PM +0300, Ovidiu Panait wrote:
...
The following commits are needed to fix CVE-2021-20322:
ipv4:
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
ipv6:
[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
[4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...

Commit [2] is already present in 4.14 stable.
Commits [3] and [4] are not needed in 4.14, as there is no exception hash
table implementation for ipv6 (it was introduced in 4.15 by commit
35732d01fe31 ("ipv6: introduce a hash table to store dst cache")).
Therefore, backport only commit [1] with minor context adjustments.

Eric Dumazet (1):
  ipv4: use siphash instead of Jenkins in fnhe_hashfun()
net/ipv4/route.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
Queued up, thanks!
greg k-h

2024

2023

2022

2021

2020

2019

2018

2017

Re: [PATCH 4.14 0/1] ipv4: backport fix for CVE-2021-20322