oss-sec mailing list archives
Re: CVE request: Linux kernel: net: memory corruption with UDP_CORK and UFO
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 25 Oct 2013 14:07:31 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/25/2013 08:11 AM, P J P wrote:
Hello, Linux kernel built with an Ethernet driver(ex virtio-net) which has UDP Fragmentation Offload(UFO) feature ON is vulnerable to a memory corruption flaw when UDP_CORK socket option is set. It could occur when sending large messages, wherein all messages are not greater than maximum transfer unit(MTU) of the underlying medium. An unprivileged user/program could use this flaw to crash the kernel resulting in DoS, or potentially execute arbitrary code to escalate privileges to gain root access to a system. Upstream fix: ------------- -> http://patchwork.ozlabs.org/patch/285292/ Reference: ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1023477 Thank you. -- Prasad J Pandit / Red Hat Security Response Team
Please use CVE-2013-4470 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJSas+CAAoJEBYNRVNeJnmTbvwQAJ+unAsNrmKoFQpp01saoDF4 pUlgdgV1RFdFK8iOHYn7hq1OXjJvRoZLx4UMC/JTykDyYnUiuAe+NCN2GBZoNK8Z xvCTjYK0NGNG/izsxBCqUnirUJlFwykmJjE/rjuXkjmJXiPna0l42UPr+xxOaynS xX1IP516i2k2FMAvvKqLa5LaH2k94QDWfSl4KleTQ4hv3mMC72h31y4EGt5t5avE GH2ZA44PFUr69xO2lJP6EoT2jdislOmTnSjEXngq3jgawBfeIJb2u5slB4SMaULQ sdi9dLqdIe4k6oE07ip4yBU3UIwEjb1b+cmfLtFmx8Gqliab6T5NHspW2F5u9Sek baVpRAGH+0HuHrIFI1p1me+s9cIDLbXTeHktUZUuHiR4z7Moxz1Sc2axoGnyumha Qo7EbyQ1dVaokwAI7GjAa5en/3cFNFdj+/wdBa7dLecfcDbQfTDenbVtnHXiesD3 L1+XEKQ4X6ONZ1HNvwjoo/s/YcMOlT2oSQmAcmmjFYVKWcGkzFLHPKPkQzz2BBXi 687Zlh+sk46ptnZXx5N1IB2gOqXDuOLDMAYXilmDX1HPZWUAPg1g4uArIW30eiQG SgM0yjrVrJi0M8+oDMhdgN4EYRBRufUd9urweChNOC7NFeCQzppIlIJKYq/WBhGm 3tjOGfppsAjWi5FtvYjH =Eg+0 -----END PGP SIGNATURE-----
Current thread:
- CVE request: Linux kernel: net: memory corruption with UDP_CORK and UFO P J P (Oct 25)
- Re: CVE request: Linux kernel: net: memory corruption with UDP_CORK and UFO Kurt Seifried (Oct 25)