From 9cd43b3b89363ba950bcee780db37ea60d9c3436 Mon Sep 17 00:00:00 2001 From: Bastandern Date: Thu, 23 Oct 2025 22:01:27 +0800 Subject: [PATCH 1/2] net: openvswitch: Fix CVE-2022-2639 OOB access --- debian/changelog | 6 ++++++ net/openvswitch/flow_netlink.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index f28c62ecae32..4d397966bd62 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +linux (6.6.0-15.0ok4) nile; urgency=medium + [ bastandern ] + * security: Fix CVE-2022-2639 OOB access in openvswitch. + + -- bastandern Thu, 23 Oct 2025 22:48:09 +0900 + linux (6.6.0-15.0ok3) nile; urgency=medium [ Yongzhen Zhang ] diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c index ebc5728aab4e..fa4afba90e64 100644 --- a/net/openvswitch/flow_netlink.c +++ b/net/openvswitch/flow_netlink.c @@ -2468,7 +2468,7 @@ static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2); if (new_acts_size > MAX_ACTIONS_BUFSIZE) { - if ((next_offset + req_size) > MAX_ACTIONS_BUFSIZE) { + if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) { OVS_NLERR(log, "Flow action size exceeds max %u", MAX_ACTIONS_BUFSIZE); return ERR_PTR(-EMSGSIZE); -- Gitee From d1325f238b9a8554cab2d06f26814c2efff4fdc8 Mon Sep 17 00:00:00 2001 From: Bastandern Date: Wed, 26 Nov 2025 23:03:55 +0800 Subject: [PATCH 2/2] net: openvswitch: Fix CVE-2022-2639 OOB access --- debian/changelog | 6 ------ 1 file changed, 6 deletions(-) diff --git a/debian/changelog b/debian/changelog index 4d397966bd62..f28c62ecae32 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,3 @@ -linux (6.6.0-15.0ok4) nile; urgency=medium - [ bastandern ] - * security: Fix CVE-2022-2639 OOB access in openvswitch. - - -- bastandern Thu, 23 Oct 2025 22:48:09 +0900 - linux (6.6.0-15.0ok3) nile; urgency=medium [ Yongzhen Zhang ] -- Gitee