All of lore.kernel.org
 help / color / mirror / Atom feed
From: Greg KH <greg@kroah.com>
To: 钱一铭 <yimingqian591@gmail.com>
Cc: security@kernel.org, netdev@vger.kernel.org
Subject: Re: [SECURITY] ipv6: opt_flen wrap via repeated IPV6_DSTOPTS cmsgs triggers skb_under_panic (local DoS)
Date: Wed, 1 Apr 2026 15:39:38 +0200	[thread overview]
Message-ID: <2026040101-schilling-serpent-09cb@gregkh> (raw)
In-Reply-To: <CAL_bE8+MpRX-B4wn_-9kqMDQXJDxV2GgTJi_X+WA9GoaoV_gMA@mail.gmail.com>

On Wed, Apr 01, 2026 at 08:56:22PM +0800, 钱一铭 wrote:
> Hi,
> 
> I believe I found a locally triggerable kernel bug in the IPv6 sendmsg
> ancillary-data path that can panic the kernel via `skb_under_panic()`
> (local DoS).

As you've sent this to netdev, which is public, no need for security@k.o
to get involved here.

Also, as you have a reproducer, can you make a patch to fix this so you
get full credit for the fix?

thanks,

greg k-h

      reply	other threads:[~2026-04-01 13:39 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-01 12:56 [SECURITY] ipv6: opt_flen wrap via repeated IPV6_DSTOPTS cmsgs triggers skb_under_panic (local DoS) 钱一铭
2026-04-01 13:39 ` Greg KH [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2026040101-schilling-serpent-09cb@gregkh \
    --to=greg@kroah.com \
    --cc=netdev@vger.kernel.org \
    --cc=security@kernel.org \
    --cc=yimingqian591@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.