Date: Sun, 31 May 2015 01:30:05 +0200 From: "Jason A. Donenfeld" <Jason@...c4.com> To: oss-security <oss-security@...ts.openwall.com> Cc: cve-assign@...re.org Subject: Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities Hi folks, Just providing an update on this. Several fixes for these issues have been merged. On Wed, May 27, 2015 at 4:45 PM, Jason A. Donenfeld > 1. A remote packet can be sent, resulting in funny subtractions of > signed integers, which causes a memcpy(kernel_heap, > network_user_buffer, -network_user_provided_length). > > There are two different conditions that can lead to this: > https://lkml.org/lkml/2015/5/13/740 > https://lkml.org/lkml/2015/5/13/744 > You may want to give two CVEs or just one CVE for these two issues. https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?id=b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c Please assign a CVE. > > 2. A remote packet can be sent, resulting in divide-by-zero in > softirq, causing hard crash: > https://lkml.org/lkml/2015/5/13/741 https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?&id=04bf464a5dfd9ade0dda918e44366c2c61fce80b Please assign a CVE. > > 3. A remote packet can be sent, resulting in a funny subtraction, > causing an insanely big loop to lock up the kernel: > https://lkml.org/lkml/2015/5/13/742 https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8 Please assign a CVE. > > 4. Multiple out-of-bounds reads, resulting in possible information > leakage, explained in the last paragraph of the introductory email > here: > https://lkml.org/lkml/2015/5/13/739 The maintainer has not yet written a patch to fix this issue, so it remains an open case. Please assign a CVE. I'd appreciate getting these CVEs assigned sooner rather than later. Thanks, Jason
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ