Date: Sun, 31 May 2015 01:30:05 +0200
From: "Jason A. Donenfeld" <>
To: oss-security <>
Subject: Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities

Hi folks,

Just providing an update on this. Several fixes for these issues have
been merged.

On Wed, May 27, 2015 at 4:45 PM, Jason A. Donenfeld
> 1. A remote packet can be sent, resulting in funny subtractions of
> signed integers, which causes a memcpy(kernel_heap,
> network_user_buffer, -network_user_provided_length).
> There are two different conditions that can lead to this:
> You may want to give two CVEs or just one CVE for these two issues.

Please assign a CVE.

> 2. A remote packet can be sent, resulting in divide-by-zero in
> softirq, causing hard crash:

Please assign a CVE.

> 3. A remote packet can be sent, resulting in a funny subtraction,
> causing an insanely big loop to lock up the kernel:

Please assign a CVE.

> 4. Multiple out-of-bounds reads, resulting in possible information
> leakage, explained in the last paragraph of the introductory email
> here:

The maintainer has not yet written a patch to fix this issue, so it
remains an open case.

Please assign a CVE.

I'd appreciate getting these CVEs assigned sooner rather than later.
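
Added example, not part of the original message and not ozwpan driver code: a C sketch of the field validation that prevents the bug classes listed above (negative memcpy length, divide-by-zero, wrapped loop count, out-of-bounds read). The element layout, the names `parse_elt` and `unchecked_copy_len`, and the error codes are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical element layout, constructed for this example (not ozwpan's):
 * [0] total length incl. 4-byte header, [1] unit size,
 * [2] first seq, [3] last seq, [4..] payload */
#define HDR 4
enum { ERR_SHORT = -1, ERR_LEN = -2, ERR_UNIT = -3, ERR_RANGE = -4 };
struct elt { size_t payload_len; unsigned units; unsigned frames; };

/* Length the unchecked pattern passes to memcpy(): int (claimed - HDR)
 * converted to size_t, so -2 becomes SIZE_MAX - 1. */
size_t unchecked_copy_len(uint8_t claimed)
{
    int n = claimed - HDR;
    return (size_t)n;
}

/* Validate every sender-controlled field before using it in arithmetic. */
int parse_elt(const uint8_t *pkt, size_t pkt_len,
              uint8_t *dst, size_t dst_len, struct elt *out)
{
    if (pkt_len < HDR)
        return ERR_SHORT;                 /* header itself is truncated */
    size_t claimed = pkt[0];
    if (claimed < HDR || claimed > pkt_len)
        return ERR_LEN;                   /* negative length or read past packet */
    size_t payload = claimed - HDR;       /* cannot wrap after the check above */
    if (payload > dst_len)
        return ERR_LEN;                   /* would overflow the destination */
    if (pkt[1] == 0)
        return ERR_UNIT;                  /* divisor comes from the wire */
    if (pkt[3] < pkt[2])
        return ERR_RANGE;                 /* last - first would wrap to a huge count */
    memcpy(dst, pkt + HDR, payload);
    out->payload_len = payload;
    out->units = (unsigned)(payload / pkt[1]);
    out->frames = (unsigned)(pkt[3] - pkt[2]) + 1u;
    return 0;
}

int main(void)
{
    const uint8_t bad[] = { 2, 1, 0, 0 }; /* constructed: claims 2 < HDR */
    uint8_t dst[16];
    struct elt e;
    return parse_elt(bad, sizeof bad, dst, sizeof dst, &e) == ERR_LEN ? 0 : 1;
}
```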

