oss-sec mailing list archives
Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message
From: cve-assign () mitre org
Date: Fri, 9 May 2014 16:44:22 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05ab8f2647e4221cbdb3856dd7d32bd5407316b3
The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST extensions fail to check for a minimal message length
Use CVE-2014-3144. (The _NEST variant was introduced at a later time, but the affected code is somewhat analogous, and the lack of an skb->len check for the _NEST variant probably can't be considered an independent mistake relative to the lack of an skb->len check in the earlier code.)
The remainder calculation for the BPF_S_ANC_NLATTR_NEST extension is also wrong. It has the minuend and subtrahend mixed up
Use CVE-2014-3145. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTbT2+AAoJEKllVAevmvmsr2AH/ihcjVIL8rg9t7OIyI/+4Ht2 qR9sEO7tkHP4GUMKI1FodU94HMhtdAO4PNzAx4jKyPiaFBNvKK4QP5/1Mhy0dFf4 ytuARfTkCMmWnkK/Z5OC4XQHfQWeZkjrdp14B81t0E2RrPv+FrScTTP68A6Ytd5h l9x2cf0U1ahOHqzX9r/ZyhEn0RPWSdc0RGZfcuLJP/QhcktCTmaJehFjq+K2UvAi AkVgeXhQZTXtF7lPBDAL4sHiFVwbtHmOnRuk9CuXClV1/D0fbFSV34tyaR8cQ5Sv XAEI96yT+QZ3jMQW1FNhkYpNSoikTOb/vatOrCYqxJgP8wtF2KWc9Y1A98XoO5I= =0cjW -----END PGP SIGNATURE-----
Current thread:
- CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message P J P (May 09)
- Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message cve-assign (May 09)