oss-sec mailing list archives
CVE request: Linux kernel: net: memory corruption with UDP_CORK and UFO
From: P J P <ppandit () redhat com>
Date: Fri, 25 Oct 2013 19:41:24 +0530 (IST)
Hello,

Linux kernel built with an Ethernet driver (ex. virtio-net) which has UDP Fragmentation Offload (UFO) feature ON is vulnerable to a memory corruption flaw when UDP_CORK socket option is set. It could occur when sending large messages, wherein all messages are not greater than maximum transfer unit (MTU) of the underlying medium.
An unprivileged user/program could use this flaw to crash the kernel resulting in DoS, or potentially execute arbitrary code to escalate privileges to gain root access to a system.
Upstream fix:
-------------
   -> http://patchwork.ozlabs.org/patch/285292/

Reference:
----------
   -> https://bugzilla.redhat.com/show_bug.cgi?id=1023477

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
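
A host-side check for the precondition named in the message above (UFO switched on for an interface), added here as an example; it is not part of the original post or of the upstream fix. It assumes `ethtool -k` lists the feature as `udp-fragmentation-offload`; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the UDP Fragmentation Offload (UFO) state per interface.

# ufo_state: read `ethtool -k` output on stdin and print on, off or unknown.
ufo_state() {
    awk -F': *' '
        $1 ~ /^[ \t]*udp-fragmentation-offload$/ {
            split($2, f, " ")   # drop trailers such as "[fixed]"
            state = f[1]
        }
        END {
            if (state == "on" || state == "off") print state
            else print "unknown"  # feature line absent or unparsable
        }'
}

# audit_ufo: print "<interface> <state>" for every interface on a live host.
audit_ufo() {
    command -v ethtool >/dev/null 2>&1 || {
        echo "ethtool not installed" >&2
        return 2
    }
    for path in /sys/class/net/*; do
        [ -e "$path" ] || continue
        ifc=${path##*/}
        printf '%s %s\n' "$ifc" "$(ethtool -k "$ifc" 2>/dev/null | ufo_state)"
    done
}

# Constructed samples of `ethtool -k` output (not captured from a real host).
sample_on='Features for eth0:
rx-checksumming: on [fixed]
tcp-segmentation-offload: on
udp-fragmentation-offload: on
generic-segmentation-offload: on'

sample_fixed_off='Features for lo:
udp-fragmentation-offload: off [fixed]'

# Stand-alone demonstration on the constructed samples.
printf 'sample eth0: %s\n' "$(printf '%s\n' "$sample_on" | ufo_state)"
printf 'sample lo:   %s\n' "$(printf '%s\n' "$sample_fixed_off" | ufo_state)"
```

Call `audit_ufo` on a host to list the live state; interfaces reported as `on` meet the UFO condition the message describes and are the ones to prioritise for the kernel update.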