Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Nov 2016 07:51:26 -0500 (EST)
From: Vladis Dronov <>
Subject: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in


Let me please inform that it was discovered by Marco
Grassi <> (many thanks) that the
Linux kernels since at least v4.0 are crashing in
tcp_collapse() after making a number of certain syscalls.

RHEL-7 kernels (3.10.0-xxx) are not vulnerable. Also,
the upstream kernels since v4.9-rc1 are not vulnerable too,
as they have the commit c9c3321257. Unfortunately, this
commit is not fix, but just a workaround. I'm not aware
of any fix as of now.

CVE-2016-8645 was assigned to this flaw internally by
the Red Hat, please, use this CVE-ID in communications
regarding this flaw.

Discussion at stable@:

Discussion at netdev@: # the whole thread

Red Hat public BZ:

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ