Date: Tue, 28 Feb 2017 17:28:02 +0100
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Subject: Linux: net/llc: avoid BUG_ON() in skb_orphan() (CVE-2017-6345)


CVE-2017-6345 was assigned by MITRE to the following (via

> net/llc: avoid BUG_ON() in skb_orphan()
> It seems nobody used LLC since linux-3.12.
> Fortunately fuzzers like syzkaller still know how to run this code,
> otherwise it would be no fun.
> Setting skb->sk without skb->destructor leads to all kinds of
> bugs, we now prefer to be very strict about it.
> Ideally here we would use skb_set_owner() but this helper does not exist yet,
> only CAN seems to have a private helper for that.

The fix was backported to 4.9.13 as well.
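
The invariant the quoted commit message describes, as an added userspace model (not kernel code, and not part of the original post or the patch): a buffer that has an owner but no destructor is the state in which orphaning cannot proceed. The `model_*` names are hypothetical, and `model_set_owner` only sketches the kind of strict helper the message says does not exist yet.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: the model_* names are hypothetical, not kernel symbols. */
struct model_sock { int refcnt; };
struct model_skb {
    struct model_sock *sk;                      /* owning socket, may be NULL */
    void (*destructor)(struct model_skb *skb);  /* releases the owner */
};

/* Destructor: drops the reference taken when the owner was set. */
static void model_sock_release(struct model_skb *skb) { skb->sk->refcnt--; }

/* Models orphaning. Returns false in the state where the kernel's
 * skb_orphan() would hit BUG_ON(): owner set but no destructor. */
static bool model_orphan(struct model_skb *skb)
{
    if (skb->destructor) {
        skb->destructor(skb);
        skb->destructor = NULL;
        skb->sk = NULL;
        return true;
    }
    return skb->sk == NULL;
}

/* Strict assignment: release any old owner, then set sk and destructor together. */
static bool model_set_owner(struct model_skb *skb, struct model_sock *sk)
{
    if (!model_orphan(skb))
        return false;
    sk->refcnt++;
    skb->sk = sk;
    skb->destructor = model_sock_release;
    return true;
}

int main(void)
{
    struct model_sock sock = { 1 };
    struct model_skb strict = { NULL, NULL };
    struct model_skb loose = { &sock, NULL };   /* owner set, destructor missing */
    model_set_owner(&strict, &sock);
    bool ok_strict = model_orphan(&strict), ok_loose = model_orphan(&loose);
    printf("strict ok=%d, loose ok=%d, refcnt=%d\n", ok_strict, ok_loose, sock.refcnt);
    return 0;
}
```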

