* Re: Subject: [SECURITY] sctp: diag: uninit kernel stack leak via INET_DIAG_LOCALS/PEERS
[not found] <CAG245UPnx9BOWdG7EMh6jQrHeShjRZYaPM_ah_sMPeN82U+gpA@mail.gmail.com>
@ 2026-07-14 6:29 ` Greg KH
0 siblings, 0 replies; only message in thread
From: Greg KH @ 2026-07-14 6:29 UTC (permalink / raw)
To: omeux; +Cc: Marcelo Ricardo Leitner, Xin Long, security, linux-sctp
On Tue, Jul 14, 2026 at 02:19:00PM +0800, omeux wrote:
> 5. Suggested fix
> ---------------------------------------------------------------
> - Suspected location: net/sctp/diag.c inet_diag_msg_sctpladdrs_fill()
> and inet_diag_msg_sctpaddrs_fill(); the uninit source is in
> net/sctp/protocol.c sctp_v4_from_skb()/sctp_v4_from_addr_param().
> - Proposed and tested fix: zero the full sockaddr_storage slot first,
> then copy only the actually-initialized length of the address
> (sizeof(struct sockaddr_in) for AF_INET, sizeof(union sctp_addr)
> otherwise) so the uninitialized tail never reaches userspace.
>
> Fixes: 8f840e47f190 ("sctp: add the sctp_diag.c file")
> Cc: stable@vger.kernel.org
> Signed-off-by: Your Name <you@example.com>
Please turn this into a patch that can be applied, and properly use your
name and the Assisted-by: tag showing that you used an LLM for this
thing, so that it can be considered as a real patch.
Also, when cc:ing a public mailing list, no need to get
security@kernel.org involved.
thanks,
greg k-h
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-07-14 6:29 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <CAG245UPnx9BOWdG7EMh6jQrHeShjRZYaPM_ah_sMPeN82U+gpA@mail.gmail.com>
2026-07-14 6:29 ` Subject: [SECURITY] sctp: diag: uninit kernel stack leak via INET_DIAG_LOCALS/PEERS Greg KH
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.