Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.LFD.2.03.1310251926490.17630@erqung.pbz>
Date: Fri, 25 Oct 2013 19:41:24 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE request: Linux kernel: net: memory corruption with UDP_CORK and
 UFO

    Hello,

Linux kernel built with an Ethernet driver(ex virtio-net) which has UDP 
Fragmentation Offload(UFO) feature ON is vulnerable to a memory corruption 
flaw when UDP_CORK socket option is set. It could occur when sending large 
messages, wherein all messages are not greater than maximum transfer unit(MTU) 
of the underlying medium.

An unprivileged user/program could use this flaw to crash the kernel resulting 
in DoS, or potentially execute arbitrary code to escalate privileges to gain 
root access to a system.

Upstream fix:
-------------
  -> http://patchwork.ozlabs.org/patch/285292/

Reference:
----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1023477


Thank you.
--
Prasad J Pandit / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.