oss-sec mailing list archives
CVE request: kernel: possible kernel oops from user MSS
From: Eugene Teo <eugene () redhat com>
Date: Fri, 12 Nov 2010 13:09:38 +0800
With commit f5fff5dc8a7a3f395b0525c02ba92c95d42b7390, a user program can pass in TCP_MAXSEG of 12 (or TCPOLEN_TSTAMP_ALIGNED), and cause kernel oops with division by 0 in tcp_select_initial_window. Proposed patch: http://www.spinics.net/lists/netdev/msg146495.html Reference: http://www.spinics.net/lists/netdev/msg146405.html Thanks, Eugene -- main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Current thread:
- CVE request: kernel: possible kernel oops from user MSS Eugene Teo (Nov 11)
- Re: CVE request: kernel: possible kernel oops from user MSS Josh Bressers (Nov 12)