oss-security - Re: CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Tue, 23 Jul 2013 12:49:54 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: P J P <ppandit@...hat.com>
Cc: oss security list <oss-security@...ts.openwall.com>
Subject: Re: CVE request: Linux kernel: panic while appending
 data to a corked IPv6 socket in ip6_append_data_mtu

On Wed, Jul 24, 2013 at 01:06:38AM +0530, P J P wrote:
>   Hi,
> 
> Linux kernel built with the IPv6 networking support is vulnerable to a crash
> while appending data to an IPv6 socket with UDP_CORKED option set. UDP_CORK

UDP_CORKED? I don't see this string in my /usr/include/ or recent Linux
git tree.

Am I missing something?

Thanks

> enables accumulating data and sending it as single datagram.
> 
> An unprivileged user/program could use this flaw to crash the
> kernel, resulting in local DoS.
> 
> Upstream fix:
> -------------
>  -> https://git.kernel.org/linus/75a493e60ac4bbe2e977e7129d6d8cbb0dd236be
> 
> Reference:
> ----------
>  -> https://bugzilla.redhat.com/show_bug.cgi?id=987633

Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.