oss-sec mailing list archives

Re: CVE Request: Linux kernel: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled.


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 23 Jul 2013 13:52:42 -0600


On 07/23/2013 01:18 PM, P J P wrote:
  Hi,

A Linux kernel built with IPv6 networking is vulnerable to a crash while
sending data as a single datagram over an IPv6 socket when the UDP_CORK
option is set. UDP_CORK enables accumulating data and sending it as a
single datagram.

Upstream fix:
-------------
 -> https://git.kernel.org/linus/8822b64a0fa64a5dd1dfcf837c5b0be83f8c05d1

Reference:
----------
 -> https://bugzilla.redhat.com/show_bug.cgi?id=987627

Acknowledgement:
-----------------
Red Hat would like to thank Hannes Frederic Sowa for reporting this issue.


Thank you!
-- 
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

Please use CVE-2013-4162 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

