Re: [PATCH net] ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline

2018-05-28 Thread David Miller
From: Mathieu Xhonneux
Date: Fri, 25 May 2018 13:29:41 +0100

> seg6_do_srh_encap and seg6_do_srh_inline can possibly do an
> out-of-bounds access when adding the SRH to the packet. This no longer
> happens when expanding the skb not only by the size of the SRH (+
> outer IPv6 header), but also by

[PATCH net] ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline

2018-05-25 Thread Mathieu Xhonneux
seg6_do_srh_encap and seg6_do_srh_inline can possibly do an out-of-bounds access when adding the SRH to the packet. This no longer happens when expanding the skb not only by the size of the SRH (+ outer IPv6 header), but also by skb->mac_len.

[ 53.793056] BUG: KASAN: use-after-free in seg6_do_srh