oss-sec mailing list archives
Fwd: [scr293903] Linux kernel - upstream
From: Andrey Konovalov <andreyknvl () google com>
Date: Sun, 12 Feb 2017 19:46:49 +0100
---------- Forwarded message ---------- From: <cve-request () mitre org> Date: Sun, Feb 12, 2017 at 7:45 PM Subject: Re: [scr293903] Linux kernel - upstream To: andreyknvl () google com Cc: cve-request () mitre org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The CVE ID is below. Please clarify whether you want this added to the public CVE List immediately. You have provided https://patchwork.ozlabs.org/patch/724136/ as a public reference that appears to disclose this as a vulnerability, at least if the attacker can run a local application to make arbitrary system calls. The public reference does not directly suggest a remote attack: that detail could be omitted from the public CVE List.
[Additional Information] It's possible to cause a denial of server by sending bad IP options on a socket. Potentially this can be triggered remotely. ------------------------------------------ [VulnerabilityType Other] Denial of service ------------------------------------------ [Vendor of Product] Linux kernel ------------------------------------------ [Affected Product Code Base] Linux kernel - upstream ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Denial of Service] true ------------------------------------------ [Reference] https://patchwork.ozlabs.org/patch/724136/ ------------------------------------------ [Has vendor confirmed or acknowledged the vulnerability?] true
Use CVE-2017-5970. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYoK07AAoJEHb/MwWLVhi28REP/id92tkREqUYayj/GcZUN67r swVR6fvnO0vP7lfVR4iPg5tKRCfM9FkIBU2+OHEXFGzvsXA/jHaabADqqkWOHfGA QcXx4dz1HJEwGr+ALRVW6YDl7clWIKW9u6zP2Md6EKYPxl5IeeJHvQwCCFGhW4CW zTdxYnPaSVs8PixpYpF5ZpiVzGL2KM13Ccwbsj7Jkjzz4YzNjWXz5Si3DsDkrD9v NwGN1DG9q8p+Nab29di55oRSMsx9NqAXzbIKzH93aoykO5gU7PsvwszsAg98NsAY mcwj/3s+HaZkH6i2Q8UyRfqvZ6JWNr3FGGhfZX+pEnYZ28RF93Ven8+8MrlrSEkm B/tx0gf7Y3RPvb686ppDpkPK0x5JeOEsMhRHRSF5GKm24Ltev0c+vyEts2KJeAoq f+8PiFz3T2DIrs3356/sa7ovsQl2+X10vQj/Ai0G4CFC1J+3e9cdqkYPvOR5PlVB PMArIFpd2FLD/Rt9SmbtWlA6Crtcx/2Ijz29T1BlHIWSxmni1nz1bgnzg3+XhFwL fnoCy/Wl1b/9Er6+VmY0jzlr66IOAr+5GycnjSfKqQFBEAejuH/vuGQVXP4w3F4q 6Uc1uDVE1onZPIuRgzhEUienWlRnoOOwD1Bdwa1BLEKf0sx+6zr+2gvsvr1dAI27 P8bNrk2iD7/BEvo/GY5O =Esbo -----END PGP SIGNATURE-----
Current thread:
- Fwd: [scr293903] Linux kernel - upstream Andrey Konovalov (Feb 12)