xfrm Out-Of-Bounds Read


Posted Jul 12, 2017. Authored by bo Zhang.

When handling an XFRM_MSG_MIGRATE message, the xfrm_migrate function does not check the dir value of xfrm_userpolicy_id. This causes out-of-bounds access to net->xfrm.policy_bydst in policy_hash_direct and other functions when the dir value exceeds XFRM_POLICY_MAX.
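The missing validation, as an added userspace example that is not kernel code and not part of the original advisory: it rejects an out-of-range dir before anything indexes a policy_bydst-style array with it. The struct layouts and the names netns_model, userpolicy_id_model, migrate_model and elements_past_end are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Direction values, matching the kernel's <linux/xfrm.h>. */
enum { XFRM_POLICY_IN, XFRM_POLICY_OUT, XFRM_POLICY_FWD, XFRM_POLICY_MAX };

/* Simplified stand-ins (assumptions), not the kernel's definitions. */
struct policy_hash { unsigned int hmask; };
struct netns_model { struct policy_hash policy_bydst[XFRM_POLICY_MAX]; };
struct userpolicy_id_model { uint8_t dir; };  /* dir is an 8-bit field */

/* How many slots beyond the array an unchecked dir would index (0 = in bounds). */
static size_t elements_past_end(uint8_t dir)
{
    return dir < XFRM_POLICY_MAX ? 0 : (size_t)dir - XFRM_POLICY_MAX + 1;
}

/* Hypothetical model of the migrate entry point: validate dir from the
 * user-supplied message before any code indexes policy_bydst with it. */
static int migrate_model(const struct netns_model *net,
                         const struct userpolicy_id_model *id,
                         const struct policy_hash **out)
{
    if (id->dir >= XFRM_POLICY_MAX)   /* the check the advisory says is missing */
        return -EINVAL;
    *out = &net->policy_bydst[id->dir];
    return 0;
}

int main(void)
{
    static const uint8_t constructed_dirs[] = { 0, 2, 3, 255 };  /* sample input */
    struct netns_model net = { 0 };
    for (size_t i = 0; i < sizeof constructed_dirs; i++) {
        struct userpolicy_id_model id = { constructed_dirs[i] };
        const struct policy_hash *h = NULL;
        int rc = migrate_model(&net, &id, &h);
        printf("dir=%3u rc=%d unchecked index would be %zu past the array\n",
               (unsigned)id.dir, rc, elements_past_end(id.dir));
    }
    return 0;
}
```

Because dir is a single byte taken from the message, an unchecked value can select any of 256 slots while only XFRM_POLICY_MAX exist, which is why the check belongs at the point where the message is first parsed.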

