Date: Fri, 31 Mar 2017 19:20:20 +0200 From: Andrey Konovalov <andreyknvl@...gle.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring On Fri, Mar 31, 2017 at 2:03 PM, Andrey Konovalov <andreyknvl@...gle.com> wrote: > Hi, > > CVE-2017-7308  was assigned to the following issue: > > The packet_set_ring function in net/packet/af_packet.c in the Linux > kernel through 4.10.6 does not properly validate certain block-size > data, which allows local users to cause a denial of service (overflow) > or possibly have unspecified other impact via crafted system calls. > > The fix is sent upstream . Update: the fix actually consists of 3 patches: https://patchwork.ozlabs.org/patch/744811/ https://patchwork.ozlabs.org/patch/744813/ https://patchwork.ozlabs.org/patch/744812/ > >  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7308 > >  https://patchwork.ozlabs.org/patch/744811/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.