oss-sec mailing list archives

CVE Request: Linux kernel: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled.

From: P J P <ppandit () redhat com>
Date: Wed, 24 Jul 2013 00:48:02 +0530 (IST)

Hi,

Linux kernel built with IPv6 networking is vulnerable to a crash while sendingdata as a single datagram over IPv6 socket when UDP_CORK option set. UDP_CORKenables accumulating data and sending it as a single datagram.


Upstream fix:
-------------
 -> https://git.kernel.org/linus/8822b64a0fa64a5dd1dfcf837c5b0be83f8c05d1

Reference:
----------
 -> https://bugzilla.redhat.com/show_bug.cgi?id=987627

Acknowledgement:
-----------------
Red Hat would like to thank Hannes Frederic Sowa for reporting this issue.


Thank you!
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

Current thread:

CVE Request: Linux kernel: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled. P J P (Jul 23)
- Re: CVE Request: Linux kernel: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled. Kurt Seifried (Jul 23)