Date: Tue, 30 May 2017 21:12:21 +0200
From: Andrey Konovalov <andreyknvl@...gle.com>
To: oss-security@...ts.openwall.com
Cc: Pray3r <pray3r.z@...il.com>, Dmitry Vyukov <dvyukov@...gle.com>, 
	Kostya Serebryany <kcc@...gle.com>
Subject: Linux kernel: memory corruptions in IPv4/IPv6 TCP/SCTP/DCCP sockets

A few CVEs were assigned for similar bugs causing kernel memory
corruption (use-after-free followed by a double-free) in IPv4/IPv6
TCP/SCTP/DCCP sockets. The details are below.

The bugs were found with syzkaller.

* CVE-2017-8890

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in
the Linux kernel through 4.10.15 allows attackers to cause a denial of
service (double free) or possibly have unspecified other impact by
leveraging use of the accept system call.

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a

* CVE-2017-9075

The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users
to cause a denial of service or possibly have unspecified other impact
via crafted system calls, a related issue to CVE-2017-8890.

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8

* CVE-2017-9076

The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users
to cause a denial of service or possibly have unspecified other impact
via crafted system calls, a related issue to CVE-2017-8890.

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52

* CVE-2017-9077

The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users
to cause a denial of service or possibly have unspecified other impact
via crafted system calls, a related issue to CVE-2017-8890.

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52
