oss-sec mailing list archives
Linux kernel: CVE-2017-9242: out-of-bounds write in __ip6_append_data
From: Andrey Konovalov <andreyknvl () google com>
Date: Tue, 30 May 2017 21:12:40 +0200
The following CVE was assigned for an out-of-bounds write in IPv6 socket buffers. The bug was found with syzkaller. * CVE-2017-9242 The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242 Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a
Current thread:
- Linux kernel: CVE-2017-9242: out-of-bounds write in __ip6_append_data Andrey Konovalov (May 30)