Date: Tue, 29 Aug 2017 12:46:24 +0300 From: Alexander Popov <alex.popov@...ux.com> To: Seth Arnold <seth.arnold@...onical.com>, oss-security@...ts.openwall.com Subject: Re: Linux kernel: fixed bug in net/core/flow_dissector.c On 24.08.2017 21:03, Seth Arnold wrote: > On Thu, Aug 24, 2017 at 05:52:45PM +0300, Alexander Popov wrote: >> I was asked to investigate a suspicious kernel crash on some Linux >> server. It is at least a remote DoS (and maybe RCE): Linux is crashed by >> receiving a single special MPLS packet. >> >> I bisected and found out that the bug was introduced in >> commit b3baa0fbd02a1a9d493d8cb92ae4a4491b9e9d13 >> And was later fixed it in >> commit a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0 > >> Is it worth requesting a CVE ID for that issue? > > I think it is, it's an easy way to make sure all downstream consumers > are alerted to the issue. I've requested a CVE ID at https://cveform.mitre.org/ and got CVE-2017-13715 for this issue. Best regards, Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ