Re: [PATCH] caif: fix integer underflow in cffrml_receive()

Next message: Ryan Roberts: "Re: [PATCH 2/2] mm/madvise: Use set_pte() to write page tables"
Previous message: patchwork-bot+netdevbpf: "Re: [PATCH] net: sfp: extend Potron XGSPON quirk to cover additional EEPROM variant"
In reply to: Simon Horman: "Re: [PATCH] caif: fix integer underflow in cffrml_receive()"
Next in thread: David Laight: "Re: [PATCH] caif: fix integer underflow in cffrml_receive()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: patchwork-bot+netdevbpf

Date: Thu Dec 11 2025 - 04:45:05 EST

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@xxxxxxxxxx>:

On Thu, 04 Dec 2025 21:30:47 +0800 you wrote:
> The cffrml_receive() function extracts a length field from the packet
> header and, when FCS is disabled, subtracts 2 from this length without
> validating that len >= 2.
>
> If an attacker sends a malicious packet with a length field of 0 or 1
> to an interface with FCS disabled, the subtraction causes an integer
> underflow.
>
> [...]

Here is the summary with links:
- caif: fix integer underflow in cffrml_receive()
https://git.kernel.org/netdev/net/c/8a11ff0948b5

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html