Key Information Summary Vulnerability Description: - Root Cause: - Obviously invalid user-space-provided values can bypass validation, leading to undefined behavior (UB) or invalid frames being queued for transmission. - When is close to and is non-zero, a positive integer overflow and wraparound may occur. Similarly, a low value combined with a non-zero may cause a negative integer overflow. Both cases can pass validation successfully. Solution: - Promote to to prevent positive overflow, and explicitly use to validate (already ). Code Changes: - Bloat-o-meter reports minor code size increase: Related Patches and Reviews: - Fixes GitHub: intended to pass - Cc: stable@vger.kernel.org #6.8 - Signed-off-by: Alexander Lobakin - Reviewed-by: Jason Xing - Reviewed-by: Maciej Fijalkowski - Signed-off-by: Alexei Starovoitov - Signed-off-by: Greg Kroah-Hartman