Date: Tue, 14 Feb 2017 08:02:19 -0500 (EST)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Linux kernel: Reachable BUG_ON from userspace in
 sctp_wait_for_sndbuf()

Hello,

I'm not sure if now I should be posting this on oss-sec@ after requesting
a CVE-ID via MITRE's web-form. Anyway.

It was reported that with the Linux kernel earlier than version v4.10-rc8, an application
may trigger a BUG_ON() in sctp_wait_for_sndbuf() if the socket TX buffer is full, a thread
is waiting on it to queue more data, and meanwhile another thread peels off the association
being used by the first thread.

References:

https://lkml.org/lkml/2017/1/30/238

https://bugzilla.redhat.com/show_bug.cgi?id=1420276

Upstream patch:

https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
