[PATCH net v3 0/4] rxrpc: Better fix for DATA/RESPONSE decrypt vs splice()
patchwork-bot+netdevbpf at kernel.org
patchwork-bot+netdevbpf at kernel.org
Thu May 14 10:12:50 PDT 2026
Hello:
This series was applied to netdev/net.git (main)
by Linus Torvalds <torvalds at linux-foundation.org>:
On Thu, 14 May 2026 16:52:58 +0100 you wrote:
> Here are two patches containing better fixes for the in-place decryption of
> DATA and RESPONSE packets that can corrupt pagecache spliced into UDP
> packets and sent to an AF_RXRPC server [CVE-2026-43500], plus a patch to
> precheck the length of rxgk-secured DATA packets.
>
> [!] Note that Hyunwoo Kim's fix is included as that is a prerequisite for
> the main patches to build. This is in Linus's tree, but not yet net/main.
>
> [...]
Here is the summary with links:
- [net,v3,1/4] rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
https://git.kernel.org/netdev/net/c/aa54b1d27fe0
- [net,v3,2/4] crypto/krb5, rxrpc: Fix lack of pre-decrypt/pre-verify length checks
(no matching commit)
- [net,v3,3/4] rxrpc: Fix DATA decrypt vs splice() by copying data to buffer in recvmsg
(no matching commit)
- [net,v3,4/4] rxrpc: Fix RESPONSE packet verification to extract skb to a linear buffer
(no matching commit)
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
More information about the linux-afs
mailing list