oss-sec mailing list archives
Re: CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter
From: Eugene Teo <eteo () redhat com>
Date: Tue, 21 Oct 2008 10:19:13 +0800
Eugene Teo wrote:
Eugene Teo wrote:This was committed in upstream kernel recently. "[PATCH] sctp: Fix kernel panic while process protocol violation parameter Since call to function sctp_sf_abort_violation() need paramter 'arg' with 'struct sctp_chunk' type, it will read the chunk type and chunk length from the chunk_hdr member of chunk. But call to sctp_sf_violation_paramlen() always with 'struct sctp_paramhdr' type's parameter, it will be passed to sctp_sf_abort_violation(). This may cause kernel panic." Upstream commit: ba0166708ef4da7eeb61dd92bbba4d5a749d6561 This is user-triggerable.Ping Steve. This needs a CVE name too. Thanks!
My bad. Steve assigned this with CVE-2008-4618. Thanks, Eugene
Current thread:
- CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter Eugene Teo (Oct 06)
- Re: CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter Eugene Teo (Oct 20)
- Re: CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter Eugene Teo (Oct 20)
- Re: CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter Steven M. Christey (Oct 22)
- Re: CVE request: kernel: sctp: Fix kernel panic while process protocol violation parameter Eugene Teo (Oct 20)