{
  "commit": "10bbf697f8e541efa67b89083f5fa0c172b7bd84",
  "tree": "bb5c178dc3a17792c31188716fa5f10ba45e8e58",
  "parents": [
    "06738d8763ffe3fc8763e570f31cf3a872da76c7"
  ],
  "author": {
    "name": "Sabrina Dubroca",
    "email": "sd@queasysnail.net",
    "time": "Tue Oct 01 18:48:14 2024 +0200"
  },
  "committer": {
    "name": "Michael Kochera",
    "email": "kochera@google.com",
    "time": "Mon Dec 02 01:28:15 2024 +0000"
  },
  "message": "xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\n[ Upstream commit 3f0ab59e6537c6a8f9e1b355b48f9c05a76e8563 ]\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n    usersa.sel.family \u003d AF_UNSPEC\n    usersa.sel.prefixlen_s \u003d 128\n    usersa.family \u003d AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on.\n\nBUG\u003db/380569104\nTEST\u003dpresubmit\nRELEASE_NOTE\u003dFixed CVE-2024-50142 in the Linux kernel.\n\ncos-patch: security-moderate\nReported-by: syzbot+cc39f136925517aed571@syzkaller.appspotmail.com\nFixes: 1da177e4c3f4 (\"Linux-2.6.12-rc2\")\nChange-Id: I2202e844f60faf0db832b52151b4b0ca067c851d\nSigned-off-by: Sabrina Dubroca \u003csd@queasysnail.net\u003e\nSigned-off-by: Steffen Klassert \u003csteffen.klassert@secunet.com\u003e\nSigned-off-by: Antony Antony \u003cantony.antony@secunet.com\u003e\nSigned-off-by: Sasha Levin \u003csashal@kernel.org\u003e\nSigned-off-by: Kernel CVE Triage Automation \u003ccloud-image-kernel-cve-triage-automation@prod.google.com\u003e\nReviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/87267\nReviewed-by: Michael Kochera \u003ckochera@google.com\u003e\nReviewed-by: Arnav Kansal \u003crnv@google.com\u003e\nTested-by: Cusky Presubmit Bot \u003cpresubmit@cos-infra-prod.iam.gserviceaccount.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "35b775cf233cdef38e81f9135e6c48f7ed0a5e13",
      "old_mode": 33188,
      "old_path": "net/xfrm/xfrm_user.c",
      "new_id": "1d91b42e799710107437c7635cd66b855c998605",
      "new_mode": 33188,
      "new_path": "net/xfrm/xfrm_user.c"
    }
  ]
}
