Date: Tue, 28 Feb 2017 17:23:09 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Subject: Linux: ip: fix IP_CHECKSUM handling (CVE-2017-6347) Hi CVE-2017-6347 was assigned by MITRE to the following (via https://cveform.mitre.org/): https://git.kernel.org/linus/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32 > ip: fix IP_CHECKSUM handling > > The skbs processed by ip_cmsg_recv() are not guaranteed to > be linear e.g. when sending UDP packets over loopback with > MSGMORE. > Using csum_partial() on [potentially] the whole skb len > is dangerous; instead be on the safe side and use skb_checksum(). > > Thanks to syzkaller team to detect the issue and provide the > reproducer. The issue was introduced in 4.0 by commit ad6f939ab193. The fix as well backported to 4.9.13. Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.