Date: Tue, 14 Feb 2017 08:02:19 -0500 (EST)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Linux kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf()

Hello,

I'm not sure if now I should be posting this on os-sec@ after requesting a CVE-ID via MITRE's web-form. Anyway.

It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON() in sctp_wait_for_sndbuf() if the socket TX buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread.

References:

https://lkml.org/lkml/2017/1/30/238
https://bugzilla.redhat.com/show_bug.cgi?id=1420276

Upstream patch:

https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer