Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 30 May 2013 00:40:49 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: CVE request: Linux kernel: net: oops from tcp_collapse() when using
 splice(2)

    Hello,

Linux kernel which supports splice(2) call to move data across file/socket
descriptors via a pipe buffers, is vulnerable to a kernel crash that occurs
while calling splice(2) over a tcp socket which in turn calls tcp_read_sock().

A user/program could use this flaw to cause system crash, resulting in DoS.

Upstream fix:
-------------
   -> https://git.kernel.org/linus/baff42ab1494528907bf4d5870359e31711746ae

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.