KDKernelDiff

commit detail

net/tls: bounds-check record length before copy

Fixes an out-of-bounds read triggered by a malformed TLS record length field.

7b12e08net/tlsSecurityBug fixCVE-2026-31902

Technical summary

Validates rec_len against skb payload before memcpy in the TLS software path and drops malformed records.

User impact

Important for servers or clients that rely on kernel TLS acceleration.

Seen in releases

Provenance

Parsed from commit/trailersAI summary

Changed files

1 files
Mnet/tls/tls_sw.cnet/tlssource+9-2