|
Message-ID: <47ec68bee7cc4c0d873931a344c85e74@imshyb02.MITRE.ORG> Date: Thu, 8 Dec 2016 12:19:17 -0500 From: <cve-assign@...re.org> To: <bluewind@...u.at> CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com> Subject: Re: CVE request: Linux panic on fragemented IPv6 traffic (icmp6_send) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > The linux kernel contains a bug where a fragmented IPv6 packet causes a > panic after a timeout (seems to be roughly 60 seconds). This can be > triggered remotely via the internet and results in a DoS (kernel panic). > https://bugzilla.kernel.org/show_bug.cgi?id=189851 >> unable to handle kernel NULL pointer dereference >> Seems I can reliably crash said machines running 4.8.12-2 by sending >> them incomplete fragmented IPv6 packets. The kernel indeed has >> NET_L3_MASTER_DEV. > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 >> the dst->dev should be preferred for determining the L3 domain >> if the dst has been set on the skb. Fallback to the skb->dev if it has >> not. This covers the case reported here where icmp6_send is invoked on >> Rx before the route lookup. Use CVE-2016-9919. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYSZWMAAoJEHb/MwWLVhi2UAAQAKUTqLnsjpwqlBAxNh9rEexe ljitZUtj0WSTrYAY+EdPm6n5mDocVCw5IlB2wd8Fa/8z2kPigG/9oDafnWXJFKK1 hlqNZAep/GBGX9ISVxbLPFJ5jel8BWsZ3kwiAdj5t4GcuTDbwOkujvknHyhxBS6T kKBE/TVtafKcLUd+D6qzWyt0BaOz+ATKKrekrkRKkm7yEBaGIUHIekWZnK0tJ+sS 08sFKUxzfDCud//OepxNgxRDlecqlcK0PKNp9NNRgD/+D99JgLaxItMVVMkQrh5s 854jFifEhObQKeJLAUotfvSJjIoASXHrndyhwCw2C636vqsASE9KVItzmXV4MzSW 4+8Yqi/jLExwSe1z3Z4R6+zpQopok/ZmGJ9BPBODrU8bsCm/eFvA2eXRvXD/v2Oh /lFbDJf34P8FM8wvzFTc0tDJB5Lf2xZ2pjEUfEdM0hlryfKWIoaGDzcpKPGfewiN M3yHp3CcuKCX6pVxrmonA1goJTpddBqALUavwWtRRnF6ozUhKpWG6G2zhkVn9ZaT vwSSlsYw6BTYpMz1ZPF6rqeCowtdQDI/J6gM8OuQAq/aV/i0jmFv5ToB158dy5yc rq2wKEdUv6y0ZM7lWX5aleGlEfyMyIB/ZtTWy5wAvyfpwlv6X3/OSc/9eXxFB27M R2CpnZwv2wLfC6/R9czc =DVJY -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.