oss-sec mailing list archives

CVE request: Linux kernel: tuntap refuse to re-attach to different tun_struct

From: P J P <ppandit () redhat com>
Date: Fri, 10 May 2013 17:33:37 +0530 (IST)

  Hello,

Linux kernels built with Universal TUN/TAP device driver(CONFIG_TUN) thatincludes multiqueue - ioctl(TUNSETQUEUE) - support, is vulnerable to a kernelcrash while attaching a device to a new queue.


A user/program could use this flaw to crash the system resulting in DoS.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/6e331f4c83021e4de2a2fc4981574b5d5b16c425
  -> https://git.kernel.org/linus/7c0c3b1a8a175437991ccc898ed66ec5e4a96208


Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

Current thread:

CVE request: Linux kernel: tuntap refuse to re-attach to different tun_struct P J P (May 10)
- Re: CVE request: Linux kernel: tuntap refuse to re-attach to different tun_struct Petr Matousek (May 10)