oss-sec mailing list archives

Linux: net/llc: avoid BUG_ON() in skb_orphan() (CVE-2017-6345)


From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 28 Feb 2017 17:28:02 +0100

Hi

CVE-2017-6345 was assigned by MITRE to the following (via
https://cveform.mitre.org/):

https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762

net/llc: avoid BUG_ON() in skb_orphan()

It seems nobody used LLC since linux-3.12.

Fortunately fuzzers like syzkaller still know how to run this code,
otherwise it would be no fun.

Setting skb->sk without skb->destructor leads to all kinds of
bugs, we now prefer to be very strict about it.

Ideally here we would use skb_set_owner() but this helper does not exist yet,
only CAN seems to have a private helper for that.

The fix was backported to 4.9.13 as well.

Regards,
Salvatore
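
The invariant behind the commit message ("Setting skb->sk without skb->destructor leads to all kinds of bugs") can be shown with a small userspace model. This is an added example, not code from this e-mail or from the kernel commit. The structs are simplified stand-ins, and every model_* and demo_* name is hypothetical, including model_set_owner(), which only sketches what an owner helper such as the skb_set_owner() mentioned above might do.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model: simplified stand-ins, not the kernel's definitions. */
struct sock { int refcnt; };
struct sk_buff { struct sock *sk; void (*destructor)(struct sk_buff *skb); };
/* Drops the reference that was taken when the owner was set. */
static void model_sock_release(struct sk_buff *skb) { skb->sk->refcnt--; }
/* Returns -1 where the strict check would BUG: sk set, no destructor. */
static int model_skb_orphan(struct sk_buff *skb)
{
    if (skb->destructor) {
        skb->destructor(skb);
        skb->destructor = NULL;
        skb->sk = NULL;
        return 0;
    }
    return skb->sk ? -1 : 0;
}

/* Hypothetical owner helper: orphan first, then set sk and destructor together. */
static int model_set_owner(struct sk_buff *skb, struct sock *sk)
{
    if (model_skb_orphan(skb) != 0) return -1;
    sk->refcnt++;                       /* reference held on behalf of the skb */
    skb->sk = sk;
    skb->destructor = model_sock_release;
    return 0;
}

/* Bare assignment: the inconsistent state the commit message warns about. */
int demo_bare_assignment(void)
{
    struct sock sk = { 1 };
    struct sk_buff skb = { &sk, NULL }; /* sk set, destructor left NULL */
    return model_skb_orphan(&skb);
}

/* Owned skb: the reference is taken and released as a matched pair. */
int demo_owned(void)
{
    struct sock sk = { 1 };
    struct sk_buff skb = { NULL, NULL };
    if (model_set_owner(&skb, &sk) != 0 || sk.refcnt != 2) return -2;
    if (model_skb_orphan(&skb) != 0 || skb.sk != NULL) return -3;
    return sk.refcnt == 1 ? 0 : -4;
}

int main(void) { printf("bare=%d owned=%d\n", demo_bare_assignment(), demo_owned()); return 0; }
```

In the model the bare assignment is rejected at orphan time, while the owned skb returns the socket to its original reference count.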

