Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <b3892063-b093-4353-88e3-49cbec582422@redhat.com>
Date: Tue, 25 Apr 2017 11:20:12 +0200
From: Andrej Nemec <anemec@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-7477 kernel: net: Heap overflow in skb_to_sgvec in macsec.c

Hello folks,

Red Hat has been notified about a possible heap overflow vulnerability
in kernel networking, specifically in the macsec.c module. We have
assigned a CVE-2017-7477 for this issue. Corresponding commit which
fixes this issue can be found at [1]. There is no preliminary impact
available as of now.

Short description:

A heap overflow vulnerability was found in the Linux kernel in macsec
module. Specifying MAX_SKB_FRAGS + 1 and using NETIF_F_FRAGLIST which
calls skb_to_sgvec will overflow the heap.

This is now available as a Red Hat bugzilla at [2].

[1]
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1445207

Best Regards,

-- 
Andrej Nemec, Red Hat Product Security
3701 3214 E472 A9C3 EFBE 8A63 8904 44A1 D57B 6DDA




Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.