oss-sec mailing list archives
Re: Linux kernel: fixed bug in net/core/flow_dissector.c
From: Alexander Popov <alex.popov () linux com>
Date: Tue, 29 Aug 2017 12:46:24 +0300
On 24.08.2017 21:03, Seth Arnold wrote:
On Thu, Aug 24, 2017 at 05:52:45PM +0300, Alexander Popov wrote:I was asked to investigate a suspicious kernel crash on some Linux server. It is at least a remote DoS (and maybe RCE): Linux is crashed by receiving a single special MPLS packet. I bisected and found out that the bug was introduced in commit b3baa0fbd02a1a9d493d8cb92ae4a4491b9e9d13 And was later fixed it in commit a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0Is it worth requesting a CVE ID for that issue?I think it is, it's an easy way to make sure all downstream consumers are alerted to the issue.
I've requested a CVE ID at https://cveform.mitre.org/ and got CVE-2017-13715 for this issue. Best regards, Alexander
Current thread:
- Linux kernel: fixed bug in net/core/flow_dissector.c Alexander Popov (Aug 24)
- Re: Linux kernel: fixed bug in net/core/flow_dissector.c Seth Arnold (Aug 24)
- Re: Linux kernel: fixed bug in net/core/flow_dissector.c Alexander Popov (Aug 29)
- Re: Linux kernel: fixed bug in net/core/flow_dissector.c Seth Arnold (Aug 24)