oss-sec mailing list archives

Re: CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 23 Jul 2013 13:52:59 -0600

On 07/23/2013 01:36 PM, P J P wrote:
> Hi,
>
> Linux kernel built with the IPv6 networking support is vulnerable
> to a crash while appending data to an IPv6 socket with UDP_CORKED
> option set. UDP_CORK enables accumulating data and sending it as
> a single datagram.
>
> An unprivileged user/program could use this flaw to crash the
> kernel, resulting in local DoS.
>
> Upstream fix:
> -------------
>   -> https://git.kernel.org/linus/75a493e60ac4bbe2e977e7129d6d8cbb0dd236be
>
> Reference:
> ----------
>   -> https://bugzilla.redhat.com/show_bug.cgi?id=987633
>
> Acknowledgements:
> -----------------
>
> Red Hat would like to thank Hannes Frederic Sowa for reporting this
> issue.
>
> Thank you.
> --
> Prasad J Pandit / Red Hat Security Response Team
> DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

Please use CVE-2013-4163 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993