mirror/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
aa58acf325b4aadeecae2bfc90658273b47dbace
linux/drivers/net
History
Jinbum Park 3a2af7cccb mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom 
User controls @idx which to be used as index of hwsim_world_regdom_custom.
So, It can be exploited via Spectre-like attack. (speculative execution)

This kind of attack leaks address of hwsim_world_regdom_custom,
It leads an attacker to bypass security mechanism such as KASLR.

So sanitize @idx before using it to prevent attack.

I leveraged strategy [1] to find and exploit this gadget.

[1] https://github.com/jinb-park/linux-exploit/tree/master/exploit-remaining-spectre-gadget/

Signed-off-by: Jinbum Park <jinb.park7@gmail.com>
[johannes: unwrap URL]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2018-08-28 11:14:56 +02:00
..
appletalk
arcnet
bonding
bonding: avoid lockdep confusion in bond_get_stats()
2018-08-01 09:34:07 -07:00
caif
can
can: ems_usb: Fix memory leak on ems_usb_disconnect()
2018-07-30 11:04:27 +02:00
dsa
net: dsa: mv88e6xxx: Fix SERDES support on 88E6141/6341
2018-07-31 10:36:59 -07:00
ethernet
net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan
2018-08-11 09:38:53 -07:00
fddi
net: fddi: fix a possible null-ptr-deref
2018-06-08 18:47:46 -04:00
fjes
hamradio
net: hamradio: use eth_broadcast_addr
2018-06-20 07:51:43 +09:00
hippi
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
hyperv
hv_netvsc: Fix napi reschedule while receive completion is busy
2018-07-18 15:23:30 -07:00
ieee802154
net: ieee802154: adf7242: Fix OCL calibration runs
2018-07-09 10:53:12 +02:00
ipvlan
ipvlan: call dev_change_flags when ipvlan mode is reset
2018-07-02 20:38:09 +09:00
netdevsim
netdevsim: don't leak devlink resources
2018-07-25 22:33:39 -07:00
phy
net: mdio-mux: bcm-iproc: fix wrong getter and setter pair
2018-07-28 19:07:38 -07:00
plip
ppp
Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL
2018-06-28 10:40:47 -07:00
slip
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
team
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
usb
net: lan78xx: fix rx handling before first packet is send
2018-07-28 14:29:49 -07:00
vmxnet3
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2018-05-21 16:01:54 -04:00
wan
drivers: net: lmc: fix case value for target abort error
2018-08-02 14:41:43 -07:00
wimax
wireless
mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
2018-08-28 11:14:56 +02:00
xen-netback
treewide: Use array_size() in vzalloc()
2018-06-12 16:19:22 -07:00
dummy.c
eql.c
geneve.c
net: fix use-after-free in GRO with ESP
2018-07-02 20:34:04 +09:00
gtp.c
treewide: kmalloc() -> kmalloc_array()
2018-06-12 16:19:22 -07:00
ifb.c
ifb: fix packets checksum
2018-05-28 23:02:22 -04:00
Kconfig
virtio_net: Extend virtio to use VF datapath when available
2018-05-28 22:59:54 -04:00
LICENSE.SRC
loopback.c
macsec.c
macvlan.c
macvtap.c
Makefile
net: Introduce net_failover driver
2018-05-28 22:59:54 -04:00
mdio.c
mii.c
net_failover.c
net: net_failover: fix typo in net_failover_slave_register()
2018-06-20 07:56:44 +09:00
netconsole.c
nlmon.c
ntb_netdev.c
rionet.c
sb1000.c
Space.c
sungem_phy.c
tap.c
net: in virtio_net_hdr only add VLAN_HLEN to csum_start if payload holds vlan
2018-06-07 16:15:38 -04:00
thunderbolt.c
tun.c
tun: Fix use-after-free on XDP_TX
2018-07-16 13:38:29 -07:00
veth.c
virtio_net.c
virtio_net: Fix incosistent received bytes counter
2018-07-25 12:58:25 -07:00
vrf.c
vrf: add CRC32c offload to device features
2018-05-28 22:55:13 -04:00
vsockmon.c
vxlan.c
vxlan: fix default fdb entry netlink notify ordering during netdev create
2018-07-22 10:52:37 -07:00
xen-netfront.c
xen/netfront: don't cache skb_shinfo()
2018-08-11 09:41:58 -07:00