Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 27 Feb 2018 06:55:29 -0500 (EST)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2018-7492: Linux kernel: Null pointer dereference in
 net/rds/rdma.c:__rds_rdma_map()

Hello,

> > [Suggested description]
> > A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map()
> > function in the Linux kernel before 4.14.7 allowing local attackers to cause
> > a system panic and a denial-of-service, related to RDS_GET_MR and
> > RDS_GET_MR_FOR_DEST.
> > 
> > ------------------------------------------
> > 
> > [VulnerabilityType Other]
> > CWE-476 NULL Pointer Dereference
> > 
> > ------------------------------------------
> > 
> > [Vendor of Product]
> > kernel.org: Linux kernel
> > 
> > ------------------------------------------
> > 
> > [Affected Product Code Base]
> > Linux kernel - fixed since v4.15-rc3
> > 
> > ------------------------------------------
> > 
> > [Affected Component]
> > 'net/rds/rdma.c' file, __rds_rdma_map() function
> > 
> > ------------------------------------------
> > 
> > [Attack Type]
> > Local
> > 
> > ------------------------------------------
> > 
> > [Impact Denial of Service]
> > true
> > 
> > ------------------------------------------
> > 
> > [Attack Vectors]
> > to exploit vulnerability a certain setsockopt() call should be made for an AF_RDS socket.
> > 
> > ------------------------------------------
> > 
> > [Reference]
> > https://patchwork.kernel.org/patch/10096441/
> > https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference/
> > https://bugzilla.redhat.com/show_bug.cgi?id=1527393
> > https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca
> > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca
> > https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7
> > 
> > ------------------------------------------
> > 
> > [Discoverer]
> > syzkaller719569
> 
> Use CVE-2018-7492.

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ