oss-sec mailing list archives

Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message


From: cve-assign () mitre org
Date: Fri, 9 May 2014 16:44:22 -0400 (EDT)


https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05ab8f2647e4221cbdb3856dd7d32bd5407316b3

The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST extensions fail to
check for a minimal message length

Use CVE-2014-3144.

(The _NEST variant was introduced at a later time, but the affected
code is somewhat analogous, and the lack of an skb->len check for the
_NEST variant probably can't be considered an independent mistake
relative to the lack of an skb->len check in the earlier code.)


The remainder calculation for the BPF_S_ANC_NLATTR_NEST extension is
also wrong. It has the minuend and subtrahend mixed up

Use CVE-2014-3145.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
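The two flaws named in the message above, shown as an added user-space model that is not code from the message or from the kernel tree. The function names and `struct nlattr_hdr` are hypothetical stand-ins, and the sample lengths are constructed; `skb_len`, `a` and `nla_len` play the roles of skb->len, the filter's offset register and the attribute's length field.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the 4-byte netlink attribute header. */
struct nlattr_hdr { uint16_t nla_len; uint16_t nla_type; };

/* Model of the checks before the fix. Returns 1 if the nested attribute
 * at offset a would be accepted for scanning, 0 if rejected. */
static int accept_before(uint32_t skb_len, uint32_t a, uint16_t nla_len)
{
    /* No minimal-length check: when skb_len < 4 the unsigned
     * subtraction wraps, so no offset is ever rejected here. */
    if (a > skb_len - sizeof(struct nlattr_hdr))
        return 0;
    /* Minuend and subtrahend swapped: a - skb_len wraps to a huge
     * value, so no 16-bit nla_len is ever rejected here. */
    if (nla_len > a - skb_len)
        return 0;
    return 1;
}

/* Model of the corrected checks. */
static int accept_after(uint32_t skb_len, uint32_t a, uint16_t nla_len)
{
    if (skb_len < sizeof(struct nlattr_hdr))      /* minimal message length */
        return 0;
    if (a > skb_len - sizeof(struct nlattr_hdr))  /* header must fit at a */
        return 0;
    if (nla_len > skb_len - a)                    /* bytes remaining after a */
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed cases: { skb_len, a, nla_len } */
    const uint32_t cases[][3] = {
        { 2, 0, 4 },        /* message shorter than one header */
        { 16, 8, 0xFFFF },  /* claimed length runs past the end */
        { 16, 8, 8 },       /* well-formed attribute */
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("len=%u a=%u nla_len=%u before=%d after=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1], (unsigned)cases[i][2],
               accept_before(cases[i][0], cases[i][1], (uint16_t)cases[i][2]),
               accept_after(cases[i][0], cases[i][1], (uint16_t)cases[i][2]));
    return 0;
}
```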

