kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message
The xfrmmigrate function in the net/xfrm/xfrmpolicy.c file in the Linux kernel built with CONFIGXFRMMIGRATE does not verify if the dir parameter is less than XFRMPOLICYMAX. This allows a local attacker to cause a denial of service out-of-bounds access or possibly have unspecified other impact by...