kernel

History

Andrew Lukoshko b0ff80e02d Bump version to 5.14.0-611.54.4 net: skbuff: propagate shared-frag marker through pskb_copy() Sibling fix to the xfrm/esp shared-frag patch shipped in 611.54.2. __pskb_copy_fclone() and skb_try_coalesce() shallow-copied frag descriptors without propagating SKBFL_SHARED_FRAG, so destinations referencing externally-owned pages reported skb_has_shared_frag() as false. Combined with an nft 'dup to <local>' rule (or any other nf_dup_ipv4 / xt_TEE caller), this lets an unprivileged user write into the page cache of a root-owned read-only file via ESP-input in-place decryption. Backport of https://lore.kernel.org/all/agRfuVOeMI5pbHhY@v4bel/	2026-05-13 13:19:43 +00:00
..
kernel.spec	Bump version to 5.14.0-611.54.4	2026-05-13 13:19:43 +00:00

Andrew Lukoshko b0ff80e02d Bump version to 5.14.0-611.54.4

net: skbuff: propagate shared-frag marker through pskb_copy()

Sibling fix to the xfrm/esp shared-frag patch shipped in 611.54.2.
__pskb_copy_fclone() and skb_try_coalesce() shallow-copied frag
descriptors without propagating SKBFL_SHARED_FRAG, so destinations
referencing externally-owned pages reported skb_has_shared_frag()
as false. Combined with an nft 'dup to <local>' rule (or any other
nf_dup_ipv4 / xt_TEE caller), this lets an unprivileged user write
into the page cache of a root-owned read-only file via ESP-input
in-place decryption.

Backport of https://lore.kernel.org/all/agRfuVOeMI5pbHhY@v4bel/

2026-05-13 13:19:43 +00:00

kernel.spec

Bump version to 5.14.0-611.54.4

2026-05-13 13:19:43 +00:00