oss-sec mailing list archives
Re: CVE request: remote heap overflow in linux networking stack
From: Solar Designer <solar () openwall com>
Date: Mon, 24 Apr 2017 20:17:56 +0200
Hi Jason, On Mon, Apr 24, 2017 at 08:00:10PM +0200, Jason A. Donenfeld wrote:
Requesting a CVE for [1], a heap overflow I found in Linux.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee
Thank you for bringing this in here. I've attached the above URL's content in text/plain form, as required by oss-security content guidelines (actual content must be on the list, not only included by reference). The bug is in drivers/net/macsec.c implementing IEEE 802.1AE (MACsec). I hope it is rarely used and thus rarely exposed, and Linux kernel support for it is rather new, right? oss-security is no longer a place to request CVE IDs. You may request a CVE ID directly from MITRE: https://cveform.mitre.org Once you have the CVE ID, please post it to this same thread in here. (For non-public issues, it is also still possible to request CVE IDs along with notification to the (linux-)distros lists, as long as the primary purpose of giving advance notice to the distros is providing them with actionable information. A few of the distros are CNAs, so they'd assign CVE IDs from their pools.) Alexander
Attachment:
linux-drivers-net-macsec.txt
Description:
Current thread:
- CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 24)
- Re: CVE request: remote heap overflow in linux networking stack Solar Designer (Apr 24)
- Re: CVE request: remote heap overflow in linux networking stack Andrej Nemec (Apr 25)
- Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 25)
- Re: CVE request: remote heap overflow in linux networking stack Andrej Nemec (Apr 25)
- Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 26)
- Re: CVE request: remote heap overflow in linux networking stack Andrej Nemec (Apr 25)
- Re: CVE request: remote heap overflow in linux networking stack Solar Designer (Apr 24)
- Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 25)