Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue,  5 Jul 2016 18:39:38 -0400 (EDT)
From: cve-assign@...re.org
To: marco.gra@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: BUG_ON crash in linux 4.7-rc6/master skbuff.c

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> this program will crash the linux kernel 4.7-rc6 and current master in a
> voluntary panic() call triggered at a BUG_ON in net/core/skbuff.c:3051
> 
> kernel BUG at net/core/skbuff.c:3051!
> 
> in a qemu environment with kASAN enabled in a syzkaller-kind setup

> [   59.831394] kernel BUG at net/core/skbuff.c:3051!
> [   59.831802] invalid opcode: 0000 [#1] SMP KASAN

> [   59.844495]  [<ffffffff82c54dba>] udpv6_queue_rcv_skb+0x4fa/0x15b0
> [   59.845048]  [<ffffffff82c56b36>] __udp6_lib_rcv+0xcc6/0x1d20
> [   59.845540]  [<ffffffff82c57bb1>] udpv6_rcv+0x21/0x30
> [   59.845975]  [<ffffffff82bf5971>] ip6_input_finish+0x3a1/0x1170
> [   59.846510]  [<ffffffff82bf7faa>] ip6_input+0xda/0x1f0
> [   59.846950]  [<ffffffff82bf7ed0>] ? ipv6_rcv+0x1790/0x1790
> [   59.847418]  [<ffffffff8296ce36>] ? __netif_receive_skb+0x36/0x170

> [   59.883546] Kernel panic - not syncing: Fatal exception in interrupt

> reproducer --- derp2.c
> 
> r[0] = syscall(SYS_mmap, ...
> r[1] = syscall(SYS_socket, ...
> r[3] = syscall(SYS_bind, ...
> r[6] = syscall(SYS_sendto, ...
> r[13] = syscall(SYS_setsockopt, ...
> r[14] = syscall(SYS_dup, ...
> r[21] = syscall(SYS_write, ...

Use CVE-2016-6162.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXfDVGAAoJEHb/MwWLVhi2AqUQAJzw7O7PX85JseeWkL6p9e8u
RHZtWmwh3TBgkdXuCh/GtayjL+pRdGjWs4Xz6S/vXf4iOMIxMc5BHXaaUSn1Yjpk
SBxfhNQPCVaAMnGD4FizEpJW2IY/79RqS7VB5GVTROuqrDySEg7p+9mT/XSZ3QyU
GKydUzilXBvq2AG3E+PVvCwXT7Nefd1tVNOWrvz1dFmOZ8lveJx2EQes8EvE2VzN
NEMKSuTl8Ey734VynwDkCUojHLjS40c0ny0ZhXtH1UURk3xb+WM9jLtTbmBLzmJC
sVH/rBORjvoptyR397KxuPYlXVXIjf8qRnVeZyV/y/gZhI6e8Hvxq1Df0wuZ9lzq
k41ldbLCEYnPKBVZbT+y+LobbF6Xp57/uCmBDSm11HDTle5EvSOWXVHd/4cw5t/c
b2IiNHTMkN9aeZVVT2yG8F9bEKBTzyIv5LbEaHhwNXgNuCfX2Ey5iZo2PBxVMBRJ
TeMlQK7AoBVidiWVMsB4jvZMJMCMWXFXROG2istI87WbLEzRzmKhqWjAEEbXVSzh
3lZHb0+06iH7e44mzsErURLkJlbOWSzNRo+Xl7nLCig+0wAqDYphC14bkZtNY1+z
rb+cune9A/mQe5qSLBckzB+W83dc7JQu/sHjFZhn1AgT5MI1nq6s36Ud+xdfQgvf
5ytAy5KDBdLxn2HCukEh
=c6Oy
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ