In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0 net/sched/cls_u32.c:221
| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.1 | 7.1 | High | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
| Product | Vendor | Version |
|---|---|---|
| Linux | Linux | < 10.0.17763.7792 |
| Linux | Linux | 9.0.1.1049 |
| Linux | Linux | n/a |
| Linux | Linux | < 10.0.14393.8422 |