Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 31 May 2015 01:30:05 +0200
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: oss-security <oss-security@...ts.openwall.com>
Cc: cve-assign@...re.org
Subject: Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities

Hi folks,

Just providing an update on this. Several fixes for these issues have
been merged.

On Wed, May 27, 2015 at 4:45 PM, Jason A. Donenfeld
> 1. A remote packet can be sent, resulting in funny subtractions of
> signed integers, which causes a memcpy(kernel_heap,
> network_user_buffer, -network_user_provided_length).
>
> There are two different conditions that can lead to this:
> https://lkml.org/lkml/2015/5/13/740
> https://lkml.org/lkml/2015/5/13/744
> You may want to give two CVEs or just one CVE for these two issues.

https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e
https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?id=b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c

Please assign a CVE.


>
> 2. A remote packet can be sent, resulting in divide-by-zero in
> softirq, causing hard crash:
> https://lkml.org/lkml/2015/5/13/741

https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?&id=04bf464a5dfd9ade0dda918e44366c2c61fce80b

Please assign a CVE.

>
> 3. A remote packet can be sent, resulting in a funny subtraction,
> causing an insanely big loop to lock up the kernel:
> https://lkml.org/lkml/2015/5/13/742

https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8

Please assign a CVE.


>
> 4. Multiple out-of-bounds reads, resulting in possible information
> leakage, explained in the last paragraph of the introductory email
> here:
> https://lkml.org/lkml/2015/5/13/739

The maintainer has not yet written a patch to fix this issue, so it
remains an open case.

Please assign a CVE.



I'd appreciate getting these CVEs assigned sooner rather than later.

Thanks,
Jason

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ