oss-sec mailing list archives

Re: CVE request: Linux kernel: tuntap refuse to re-attach to different tun_struct

From: Petr Matousek <pmatouse () redhat com>
Date: Fri, 10 May 2013 16:25:55 +0200

On Fri, May 10, 2013 at 05:33:37PM +0530, P J P wrote:

Linux kernels built with Universal TUN/TAP device driver(CONFIG_TUN)
that includes multiqueue - ioctl(TUNSETQUEUE) - support, is
vulnerable to a kernel crash while attaching a device to a new
queue.

A user/program could use this flaw to crash the system resulting in DoS.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/6e331f4c83021e4de2a2fc4981574b5d5b16c425
  -> https://git.kernel.org/linus/7c0c3b1a8a175437991ccc898ed66ec5e4a96208


As both multiqueue support and fix for this issue were committed in 3.8
rc versions ((rc1 and rc4, respectively), please reject this request.

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team

Current thread:

CVE request: Linux kernel: tuntap refuse to re-attach to different tun_struct P J P (May 10)
- Re: CVE request: Linux kernel: tuntap refuse to re-attach to different tun_struct Petr Matousek (May 10)