Date: Tue, 28 Feb 2017 17:23:09 +0100
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Subject: Linux: ip: fix IP_CHECKSUM handling (CVE-2017-6347)


CVE-2017-6347 was assigned by MITRE to the following (via

> ip: fix IP_CHECKSUM handling
> The skbs processed by ip_cmsg_recv() are not guaranteed to
> be linear e.g. when sending UDP packets over loopback with
> Using csum_partial() on [potentially] the whole skb len
> is dangerous; instead be on the safe side and use skb_checksum().
> Thanks to syzkaller team to detect the issue and provide the
> reproducer.

The issue was introduced in 4.0 by commit ad6f939ab193. The fix was
also backported to 4.9.13.
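
An added illustration, not part of the original message and not kernel code: a user-space C model of the distinction the quoted commit message draws between a linear csum_partial()-style read and a fragment-walking sum in the manner of skb_checksum(). The names `struct part`, `csum_parts` and `linear_in_bounds`, and all sample bytes, are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user-space model of a non-linear skb (not struct sk_buff):
 * part[0] is the linear head, the remaining parts are page fragments. */
struct part { const uint8_t *data; size_t len; };

/* Constructed sample: 16 bytes stored as 5 (head) + 4 + 7, and a flat copy. */
static const uint8_t head[] = {0x45, 0x00, 0x00, 0x10, 0xab};
static const uint8_t frag1[] = {0xcd, 0x01, 0x02, 0x03};
static const uint8_t frag2[] = {0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0xff};
static const uint8_t flat[] = {0x45, 0x00, 0x00, 0x10, 0xab, 0xcd, 0x01, 0x02,
                               0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0xff};
static const struct part skb[] = {{head, 5}, {frag1, 4}, {frag2, 7}};
static const struct part lin[] = {{flat, 16}};

/* Ones' complement sum of [off, off+len) over every part, tracking byte parity
 * across part boundaries. Returns -1 if the range runs past the data. */
static long csum_parts(const struct part *p, size_t n, size_t off, size_t len)
{
    uint64_t acc = 0;
    int odd = 0;
    for (size_t i = 0; i < n && len; i++) {
        if (off >= p[i].len) { off -= p[i].len; continue; }
        for (; off < p[i].len && len; off++, len--, odd = !odd)
            acc += odd ? p[i].data[off] : (uint64_t)p[i].data[off] << 8;
        off = 0;
    }
    if (len)
        return -1;
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    return (long)acc;
}

/* A linear read that starts in the head and covers len bytes stays in
 * bounds only if the whole range lies inside the linear area. */
static int linear_in_bounds(const struct part *p, size_t off, size_t len)
{
    return off <= p[0].len && len <= p[0].len - off;
}

int main(void)
{
    printf("frag=%04lx flat=%04lx linear_ok=%d\n", csum_parts(skb, 3, 2, 14),
           csum_parts(lin, 1, 2, 14), linear_in_bounds(skb, 2, 14));
    return csum_parts(skb, 3, 2, 14) != csum_parts(lin, 1, 2, 14);
}
```

The fragment-walking sum matches the sum over the flat copy, while the bounds check shows that the same 14-byte range cannot be read linearly from a 5-byte head.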

