oss-sec mailing list archives
Re: CVE request - Android kernel - IPv6 connect cause a denial of service
From: cve-assign () mitre org
Date: Fri, 11 Dec 2015 11:41:18 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
net/ipv4/af_inet.c inet_autobind if (sk->sk_prot->get_port(sk, 0)) {
if the sk->sk_prot->get_port is NULL
[ an unanticipated condition ]
Solution: if (sk->sk_prot->get_port &&sk->sk_prot->get_port(sk, 0)) {
From: Hannes Frederic Sowa <hannes () stressinduktion org> Date: Wed, 9 Dec 2015 15:31:32 +0100
I fear your solution just papers over the bug and will leave the port in a half initialized state.
Use CVE-2015-8543 for the originally identified bug. We realize that, for example, http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/net/ipv4/af_inet.c has not yet been changed. If Linux kernel developers determine that multiple independent bugs result in situations where sk->sk_prot->get_port is NULL above, then it is possible that additional CVE IDs will be assigned later. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWavwyAAoJEL54rhJi8gl5YFsQAI5IxqeR4wGC8jgddurgDQMC Ex3f5QsouQMuDD6KUGDy+pfl+oFzT6Y0qj4gE61iIhRUgvU5S6lSa0zBk29hQNDB smoFCcgd0gqQMwA4ruCQqDA0tGVKdJTvqUb8vkwnU5cQ+6Qi71Qodo9tQxCNiA/U SLoC4F2AQg/yMMrLhiWiRIg9H/9aLwLeETHfwqRe5wgoGombqiZ/zHn3kO9zvnXx MFkDmdmjfwUhvtGzxRVOdMl+lDaOij/iehjffqXbwZM8hImHdy8XX/sI4SuZ5HrR YD40VROb2ZnEXyGuEVW4QoTppelzXNjl008yW3ysagBPIiufRLRMiZ8Oikr5nOn7 Y9Tzftj859V1P4dldk5aB68zWhRiUX6rila45bzz6KgawdEihAldSkvN6zlRX3KD WVny3XkTmTqItIN9rcT/HOQYBFRfrreU3tz93/w6AZamgKb4Op5gQdFzbRbLBUcP 8PwY1kGEY+MfqgQEFMyy9NP6AdMQBXrTce/Y+xfUWbTM48ordg33+F5nRgx/WPGU Y7RijZCJcZPd8qi0jkj4Zp1MmRsmWsxssa6zDGsxHC46GiQhfP9OmndYloO/ze4x jmZ2eALLw2Rta95VM/2upsYIC3YaShz3D7rU563aHuAusbTinkjCyFP0xKkRJDf5 NwVV5z0ou6GVCbxunTbb =KMi2 -----END PGP SIGNATURE-----
Current thread:
- CVE request - Android kernel - IPv6 connect cause a denial of service 郭永刚 (Dec 09)
- Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 09)
- Re: CVE request - Android kernel - IPv6 connect cause a denial of service Robert Święcki (Dec 09)
- Re: CVE request - Android kernel - IPv6 connect cause a denial of service cve-assign (Dec 11)
- Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 11)
- Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 14)
- Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Robert Święcki (Dec 14)
- Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 14)