Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <2113704961.13214334.1506089666956.JavaMail.zimbra@redhat.com>
Date: Fri, 22 Sep 2017 10:14:26 -0400 (EDT)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-14489: Linux kernel: scsi: nlmsg is not properly parsed in
 iscsi_if_rx()

Heololo,

It was found that the iscsi_if_rx() function in 'drivers/scsi/scsi_transport_iscsi.c'
in the Linux kernel since v2.6.24-rc1 through 4.13.2 allows local users to cause
a denial of service (a system panic) by making a number of certain syscalls by
leveraging incorrect length validation in the kernel code.

Our tests show that indeed an unprivileged local user can easily cause (i.e. run a binary)
a system panic or a compete lock up. A wide range of kernel versions is affected, from
v2.6.24-rc1 till the latest ones.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1490421

https://www.suse.com/security/cve/CVE-2017-14489/

https://nvd.nist.gov/vuln/detail/CVE-2017-14489

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14489

A suggested upstream patch:

https://patchwork.kernel.org/patch/9923803/

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.