Date: Sun, 31 May 2015 01:30:05 +0200
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: oss-security <oss-security@...ts.openwall.com>
Cc: cve-assign@...re.org
Subject: Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities

Hi folks,

Just providing an update on this. Several fixes for these issues have been merged.

On Wed, May 27, 2015 at 4:45 PM, Jason A. Donenfeld
> 1. A remote packet can be sent, resulting in funny subtractions of
> signed integers, which causes a memcpy(kernel_heap,
> network_user_buffer, -network_user_provided_length).
>
> There are two different conditions that can lead to this:
> https://lkml.org/lkml/2015/5/13/740
> https://lkml.org/lkml/2015/5/13/744
> You may want to give two CVEs or just one CVE for these two issues.

https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e
https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?id=b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c

Please assign a CVE.

>
> 2. A remote packet can be sent, resulting in divide-by-zero in
> softirq, causing hard crash:
> https://lkml.org/lkml/2015/5/13/741

https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?&id=04bf464a5dfd9ade0dda918e44366c2c61fce80b

Please assign a CVE.

>
> 3. A remote packet can be sent, resulting in a funny subtraction,
> causing an insanely big loop to lock up the kernel:
> https://lkml.org/lkml/2015/5/13/742

https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8

Please assign a CVE.

>
> 4. Multiple out-of-bounds reads, resulting in possible information
> leakage, explained in the last paragraph of the introductory email
> here:
> https://lkml.org/lkml/2015/5/13/739

The maintainer has not yet written a patch to fix this issue, so it remains an open case.

Please assign a CVE.

I'd appreciate getting these CVEs assigned sooner rather than later.

Thanks,
Jason
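
The bug classes in items 1 and 2 of the message above (a signed length subtraction that reaches memcpy() as a negative value, and a packet-supplied divisor of zero), shown as an added example with the checks that reject such frames. This is not code from the message or from the ozwpan driver: the frame layout, field names, and sample frames are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 4 /* hypothetical header: type, unit_size, 16-bit LE declared length */

/* Constructed sample frames (not captured traffic). */
static const uint8_t FRAME_OK[]    = {1, 2, 8, 0, 'a', 'b', 'c', 'd'};
static const uint8_t FRAME_SHORT[] = {1, 2, 2, 0, 'a', 'b', 'c', 'd'}; /* declared < header */
static const uint8_t FRAME_ZERO[]  = {1, 0, 8, 0, 'a', 'b', 'c', 'd'}; /* unit_size == 0 */
static const uint8_t FRAME_LONG[]  = {1, 2, 9, 0, 'a', 'b', 'c', 'd'}; /* declared > received */
static uint8_t scratch[16];

/* Size an unchecked parser would pass to memcpy(): the signed result of the
 * subtraction is converted to size_t, so a short frame yields a huge length. */
size_t unchecked_copy_len(int declared_len)
{
    int payload = declared_len - HDR_LEN; /* negative when declared_len < HDR_LEN */
    return (size_t)payload;
}

/* Hardened parse: copies the payload into dst and returns the number of
 * units it contains, or -1 if the frame is rejected. */
int parse_frame(const uint8_t *frame, size_t frame_len, uint8_t *dst, size_t dst_cap)
{
    if (frame_len < HDR_LEN)
        return -1;                       /* header itself is truncated */
    uint8_t unit_size = frame[1];
    size_t declared = (size_t)frame[2] | ((size_t)frame[3] << 8);
    if (declared < HDR_LEN || declared > frame_len)
        return -1;                       /* subtraction would wrap, or read past the buffer */
    if (unit_size == 0)
        return -1;                       /* division below would fault */
    size_t payload = declared - HDR_LEN; /* cannot wrap: declared >= HDR_LEN */
    if (payload > dst_cap)
        return -1;                       /* would overflow the destination */
    memcpy(dst, frame + HDR_LEN, payload);
    return (int)(payload / unit_size);
}

int main(void)
{
    printf("unchecked length for a 2-byte frame: %zu\n", unchecked_copy_len(2));
    printf("ok=%d ", parse_frame(FRAME_OK, sizeof FRAME_OK, scratch, sizeof scratch));
    printf("short=%d ", parse_frame(FRAME_SHORT, sizeof FRAME_SHORT, scratch, sizeof scratch));
    printf("zero=%d ", parse_frame(FRAME_ZERO, sizeof FRAME_ZERO, scratch, sizeof scratch));
    printf("long=%d\n", parse_frame(FRAME_LONG, sizeof FRAME_LONG, scratch, sizeof scratch));
    return 0;
}
```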