CVE requests: Remote packet-of-death vulnerabilities in Linux Kernel ozwpan driver

["Jason A. Donenfeld" <Jason () zx2c4 com>]

Hi folks,

A variety of issues have been found in Linux's ozwpan driver.

1. A remote packet can be sent, resulting in funny subtractions of
signed integers, which causes a memcpy(kernel_heap,
network_user_buffer, -network_user_provided_length).

There are two different conditions that can lead to this:
https://lkml.org/lkml/2015/5/13/740
https://lkml.org/lkml/2015/5/13/744
You may want to give two CVEs or just one CVE for these two issues.

2. A remote packet can be sent, resulting in divide-by-zero in
softirq, causing hard crash:
https://lkml.org/lkml/2015/5/13/741

3. A remote packet can be sent, resulting in a funny subtraction,
causing an insanely big loop to lock up the kernel:
https://lkml.org/lkml/2015/5/13/742

4. Multiple out-of-bounds reads, resulting in possible information
leakage, explained in the last paragraph of the introductory email
here:
https://lkml.org/lkml/2015/5/13/739


Please assign CVEs so that these can be properly tracked.

Regards,
Jason