Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 2 Dec 2016 19:24:09 -0500
From: <cve-assign@...re.org>
To: <andreyknvl@...gle.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<kcc@...gle.com>, <dvyukov@...gle.com>, <edumazet@...gle.com>
Subject: Re: CVE Request: Linux: signed overflows for SO_{SND|RCV}BUFFORCE

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> There's a bug in SO_{SND|RCV}BUFFORCE setsockopt() implementation,
> which allows CAP_NET_ADMIN users to cause memory corruption.
> 
> The fix is upstream:
> https://github.com/torvalds/linux/commit/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290

>> CAP_NET_ADMIN users should not be allowed to set negative
>> sk_sndbuf or sk_rcvbuf values, as it can lead to various memory
>> corruptions, crashes, OOM...

Use CVE-2016-9793. This affects, for example, 4.8.12.


We might not completely understand the CVE implications of the "Note
that before
https://github.com/torvalds/linux/commit/82981930125abfd39d7c8378a9cfdf5e1be2002b
the bug was even more serious, since SO_SNDBUF and SO_RCVBUF were
vulnerable" comment within the
b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 commit message.
82981930125abfd39d7c8378a9cfdf5e1be2002b is a commit from 2012. The
3.5 release has this, whereas the 3.4 release does not.

For now, we are assigning CVE-2012-6704 to mean the analogous
vulnerability involving SO_SNDBUF and SO_RCVBUF that affects "before
3.5" kernels.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYQhAGAAoJEHb/MwWLVhi2Q70QALXvPXP7eiF3IBAKa2pTZOXs
J9JGbNp3LcZhAbLlIsXD033lVMI04KB6eyymajLFxQ4++r+eqVq7EixYu8l5Aady
MBNB5Oy8yzOG4+7ktAIPUNkCipbt016/VtTVgC6ryQbhDJHwrzSaL+2z7ukGRiTo
MzN/4ojgB0QWs8gKfugH+Sk9MvjklxuRQr/wejVXxfpayfC+1KBWHzC/T/mv0mVv
j8D8g2i5OmuJ6iemExzT13vvPY/kO6AdvNypMXc8ZL1i2rQD/xsQhNkRGubE6ace
cqFGuYlj3RxVUh1dDF86hSbzJPj71vrfqKzlkx3Ml92yDMQxGz7xFbWIJLO69MD8
uBXGR9C5v7UJJKtHen5b+eyngvs/9aOLI12jbxWbdvg+MHJ/ZqYJP3tQ88iOCXuY
fKJc+dgfYoPDybYgaD3jOhOT7ZfsRQvkiORSe9EU1s9/ic6dS8u1i3Z3j4DQ5RyH
lIr2V/tT2JVd65Vm1UJuENO/tQCHTKj+PQBrRjqHk2tHzlx8dpH0G4fjyOewwTYl
U//XW9U5flbUqViKHpRqhN1czZNBwYOV2nCJ22j9dgX0m/QEDkREibtBLVkHZiNX
eC96vz5DQvTAvS4klSGdQOJ85TwEBxG8y4PGfz2XND/CjrKfaBr8sDBLh7YPUhfb
2+HqiZwP/N92Pq3N5vah
=a80X
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.