Date: Wed, 27 May 2015 16:45:15 +0200 From: "Jason A. Donenfeld" <Jason@...c4.com> To: oss-security <oss-security@...ts.openwall.com> Cc: cve-assign@...re.org Subject: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities Hi folks, This is a resend, as the other request seems to have gotten lost in the mix. A variety of issues have been found in Linux's ozwpan driver. 1. A remote packet can be sent, resulting in funny subtractions of signed integers, which causes a memcpy(kernel_heap, network_user_buffer, -network_user_provided_length). There are two different conditions that can lead to this: https://lkml.org/lkml/2015/5/13/740 https://lkml.org/lkml/2015/5/13/744 You may want to give two CVEs or just one CVE for these two issues. 2. A remote packet can be sent, resulting in divide-by-zero in softirq, causing hard crash: https://lkml.org/lkml/2015/5/13/741 3. A remote packet can be sent, resulting in a funny subtraction, causing an insanely big loop to lock up the kernel: https://lkml.org/lkml/2015/5/13/742 4. Multiple out-of-bounds reads, resulting in possible information leakage, explained in the last paragraph of the introductory email here: https://lkml.org/lkml/2015/5/13/739 Please assign CVEs so that these can be properly tracked. I've been told the v2 of these patches are in the merging queue. Regards, Jason Donenfeld
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ