在 2022/1/24 9:03, yiyuchangchun@126.com 写道:
From: Lin Ma <linma@zju.edu.cn>
mainline inclusion from mainline-v5.16-rc1 commit aedddb4e45b34426cfbfa84454b6f203712733c5 category: bugfix issue: #I4RVJ4 CVE: CVE-2021-4202
Signed-off-by: Yu Changchun <yuchangchun1@huawei.com> ----------------------------------
The CAP_NET_ADMIN checks are needed to prevent attackers faking a device under NCIUARTSETDRIVER and exploit privileged commands.
This patch add GENL_ADMIN_PERM flags in genl_ops to fulfill the check. Except for commands like NFC_CMD_GET_DEVICE, NFC_CMD_GET_TARGET, NFC_CMD_LLC_GET_PARAMS, and NFC_CMD_GET_SE, which are mainly information- read operations.
Signed-off-by: Lin Ma <linma@zju.edu.cn> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Yu Changchun <yuchangchun1@huawei.com> --- net/nfc/netlink.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
Reviewed-by: Wei Yongjun <weiyongjun1@huawei.com>