Date: Sun, 31 May 2015 01:30:05 +0200
From: "Jason A. Donenfeld" <>
To: oss-security <>
Subject: Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities

Hi folks,

Just providing an update on this. Several fixes for these issues have
been merged.

On Wed, May 27, 2015 at 4:45 PM, Jason A. Donenfeld
> 1. A remote packet can be sent, resulting in funny subtractions of
> signed integers, which causes a memcpy(kernel_heap,
> network_user_buffer, -network_user_provided_length).
> There are two different conditions that can lead to this:
> You may want to give two CVEs or just one CVE for these two issues.

Please assign a CVE.

> 2. A remote packet can be sent, resulting in divide-by-zero in
> softirq, causing hard crash:

Please assign a CVE.

> 3. A remote packet can be sent, resulting in a funny subtraction,
> causing an insanely big loop to lock up the kernel:

Please assign a CVE.

> 4. Multiple out-of-bounds reads, resulting in possible information
> leakage, explained in the last paragraph of the introductory email
> here:

The maintainer has not yet written a patch to fix this issue, so it
remains an open case.

Please assign a CVE.

I'd appreciate getting these CVEs assigned sooner rather than later.
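
The validation that items 1 to 3 above call for, as an added example that is not part of the original message and is not the ozwpan driver's code. The 4-byte header, its field names and `copy_payload()` are hypothetical, constructed only to show each check placed before the arithmetic it protects.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical 4-byte wire header, constructed for this example. */
#define HDR_LEN 4u
struct frame_hdr {
    uint8_t type;
    uint8_t unit_size;  /* divisor taken from the packet */
    uint8_t first_seq;  /* loop bounds taken from the packet */
    uint8_t last_seq;
};

/* Returns the number of payload bytes copied, or -1 if the frame is rejected. */
long copy_payload(uint8_t *dst, size_t dst_cap, const uint8_t *pkt, size_t pkt_len)
{
    struct frame_hdr h;
    size_t payload_len, units;

    /* Item 1: compare before subtracting, so pkt_len - HDR_LEN can never
     * become negative (or wrap) and reach memcpy() as a huge size. */
    if (pkt_len < HDR_LEN)
        return -1;
    memcpy(&h, pkt, HDR_LEN);
    payload_len = pkt_len - HDR_LEN;
    if (payload_len > dst_cap)
        return -1;

    /* Item 2: a divisor read from the packet must be non-zero. */
    if (h.unit_size == 0 || payload_len % h.unit_size != 0)
        return -1;
    units = payload_len / h.unit_size;

    /* Item 3: an iteration count derived from a subtraction must be ordered
     * and must match the data actually present in the frame. */
    if (h.last_seq < h.first_seq || (size_t)(h.last_seq - h.first_seq) + 1u != units)
        return -1;

    memcpy(dst, pkt + HDR_LEN, payload_len);
    return (long)payload_len;
}

int main(void)
{
    const uint8_t pkt[] = {1, 2, 5, 6, 0xaa, 0xbb, 0xcc, 0xdd}; /* constructed sample */
    uint8_t dst[8];
    return copy_payload(dst, sizeof dst, pkt, sizeof pkt) == 4 ? 0 : 1;
}
```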

