
Bug#782561: please backport commit ccfe8c3f7e52 from upstream



On Mon, Apr 20, 2015 at 09:17:22AM +0200, Romain Francoise wrote:
>
> For example, here's a photo I took of the crash on 3.18.4:
> 
>  https://orebokech.com/tmp/IMG_20150129_181653.jpg

OK I have reviewed this and indeed it does appear that the bug
can be triggered.  The trick appears to be making sure that your
input packet is fragmented.  That should then activate the kmalloc
path and lead to the memory corruption.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

