CVE-2022-48687
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix out-of-bounds read when setting HMAC data. The SRv6 layer allows defining HMAC data that can later be used to sign IPv6 Segment Routing Headers. This configuration is realised via netlink through four attributes:...
CVE-2022-48687
CVE-2022-48687 affects the Linux kernel SRv6 HMAC configuration. The vulnerability stems from the SECRETLEN length being decoupled from SECRET, allowing invalid combinations (e.g., secret="", secretlen=64) that an attacker can craft via netlink to trigger an out-of-bounds read of up to 64 bytes p...