Message-ID: <566F35F9.4070106@stressinduktion.org>
Date: Mon, 14 Dec 2015 22:34:49 +0100
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: oss-security@...ts.openwall.com, guoyonggang@....cn
Cc: cve-assign@...re.org
Subject: Re: Re: CVE request - Android kernel - IPv6 connect
 cause a denial of service

On 11.12.2015 17:41, cve-assign@...re.org wrote:
>> net/ipv4/af_inet.c
>> inet_autobind
> 
>> if (sk->sk_prot->get_port(sk, 0)) {
> 
>>> if the sk->sk_prot->get_port is NULL
> 
>>> [ an unanticipated condition ]
> 
>>> Solution:
>>> if (sk->sk_prot->get_port &&sk->sk_prot->get_port(sk, 0)) {
> 
>>>> From: Hannes Frederic Sowa <hannes@...essinduktion.org>
>>>> Date: Wed, 9 Dec 2015 15:31:32 +0100
> 
>>>> I fear your solution
>>>> just papers over the bug and will leave the port in a half initialized
>>>> state.
> 
> Use CVE-2015-8543 for the originally identified bug. We realize that,
> for example,
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/net/ipv4/af_inet.c
> has not yet been changed. If Linux kernel developers determine that
> multiple independent bugs result in situations where
> sk->sk_prot->get_port is NULL above, then it is possible that
> additional CVE IDs will be assigned later.

The following patch fixes this issue:

https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9

It is queued up for -stable.

Thanks,
Hannes
