Re: [PATCH 3/6] net: (actually/better) deal with CVE-2022-{30790, 30552}
I tested these patches with my exploit. At the moment it looks like the vulnerability has been fixed.
Re: [PATCH 3/6] net: (actually/better) deal with CVE-2022-{30790, 30552}
I found this problem while porting a security patch to my uboot. I've created a PoC exploit which can hang uboot during ping command (even with commit b85d130ea0cac152c21ec38ac9417b31d41b5552). In my case changing: if (ip->ip_len < IP_MIN_FRAG_DATAGRAM_SIZE) to: if (ntohs(ip->ip_len) <