oss-sec mailing list archives
CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter
From: Eugene Teo <eteo () redhat com>
Date: Mon, 06 Oct 2008 15:16:03 +0800
This was committed in upstream kernel recently. "[PATCH] sctp: Fix kernel panic while process protocol violation parameter Since call to function sctp_sf_abort_violation() need paramter 'arg' with 'struct sctp_chunk' type, it will read the chunk type and chunk length from the chunk_hdr member of chunk. But call to sctp_sf_violation_paramlen() always with 'struct sctp_paramhdr' type's parameter, it will be passed to sctp_sf_abort_violation(). This may cause kernel panic." Upstream commit: ba0166708ef4da7eeb61dd92bbba4d5a749d6561 This is user-triggerable. Thanks, Eugene
Current thread:
- CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter Eugene Teo (Oct 06)
- Re: CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter Eugene Teo (Oct 20)
- Re: CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter Eugene Teo (Oct 20)
- Re: CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter Steven M. Christey (Oct 22)
- Re: CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter Eugene Teo (Oct 20)