Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 28 Feb 2017 17:25:24 +0100
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Subject: Linux: packet: fix races in fanout_add() (CVE-2017-6346)


CVE-2017-6346 was assigned by MITRE to the following (via

> packet: fix races in fanout_add()
> Multiple threads can call fanout_add() at the same time.
> We need to grab fanout_mutex earlier to avoid races that could
> lead to one thread freeing po->rollover that was set by another thread.
> Do the same in fanout_release(), for peace of mind, and to help us
> finding lockdep issues earlier.

Since 4.2 the races can lead to a use-after-free.

The fix was backported to 4.9.13 as well.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ