Date: Fri, 25 Oct 2013 19:41:24 +0530 (IST) From: P J P <ppandit@...hat.com> To: oss security list <oss-security@...ts.openwall.com> Subject: CVE request: Linux kernel: net: memory corruption with UDP_CORK and UFO Hello, Linux kernel built with an Ethernet driver(ex virtio-net) which has UDP Fragmentation Offload(UFO) feature ON is vulnerable to a memory corruption flaw when UDP_CORK socket option is set. It could occur when sending large messages, wherein all messages are not greater than maximum transfer unit(MTU) of the underlying medium. An unprivileged user/program could use this flaw to crash the kernel resulting in DoS, or potentially execute arbitrary code to escalate privileges to gain root access to a system. Upstream fix: ------------- -> http://patchwork.ozlabs.org/patch/285292/ Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1023477 Thank you. -- Prasad J Pandit / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.