oss-sec mailing list archives
CVE request Linux kernel: net: guard tcp_set_keepalive against crash
From: P J P <ppandit () redhat com>
Date: Mon, 15 Sep 2014 17:03:47 +0530 (IST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Linux kernel built with the Networking support(CONFIG_NET) is vulnerable to a crash, while resetting a socket timer. It could occur while doing a setsockopt(SO_KEEPALIVE) call. A privileged user/process able to create RAW socket could use this flaw to crash the system kernel resulting in DoS. Upstream fix: - ------------- -> https://git.kernel.org/linus/3e10986d1d698140747fcfc2761ec9cb64c1d582 Reference: - ---------- -> https://bugzilla.redhat.com/show_bug.cgi?id=1141742 Thank you. - -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUFs6bAAoJEN0TPTL+WwQfMF0P/3tYlFTCHpF594o/p84wdpyK KS6LaQIryYcxbZR6Pk28fpSf9bejXcj8RE0+eX2qCtZsCJYa2x8YhxoIppODqe+E EhMzedgxBlnOyg8xfbi/Mj92uYuf3ipLBMyBdMUUop8rb7cXw3wCEX4rgG+cih5n 3EhlcBJu6qFcpn463CUFtWAkv+pGGYtA1Ts7qNJB1A2BuWWIo0RjnNWO7VpxnFum b2BE2kVKkWCgT1UtDNFiTl3tOvuCQMjvmqSeFg/VdgWikXHEXjZVtOBi2JMzqkCA qCJO5A54grC2HwIMvRKcd8JnUqVKdZ7j4oO6KVngEH+jDTrJgilRoQ4goa+g0Ex2 UWiHqF7Z5IdeT2xRsf8bA1yZCHvciJleuVincYw96x70KBDqB4GgafabUaPYVZbw zwCm5sYB1yGecRjf3ggjIa9W1amJ6WH+R0We7AfK/wU7E0lmKJeQBYYT5i4dB+dg S4weE7kBYxcyIIJ+76pkTWtG/mbPPV1RTZ4nih9QwgHtMM3Ak0fmuBNhR34w80BL uj80qFXFs5ADnIpWKiE2091EJOQWrKVj22WVP5IznNGsUKvm7VItwjimfOFZRu32 AlzgjLRl4bq/GxNdLJGnirDW6HainPMIY4kZkdi4C7ItA81odIpdcEMol9QrcJjS 3RwyDR2QPgcqYmYCA3W/ =skE4 -----END PGP SIGNATURE-----
Current thread:
- CVE request Linux kernel: net: guard tcp_set_keepalive against crash P J P (Sep 15)
- Re: CVE request Linux kernel: net: guard tcp_set_keepalive against crash cve-assign (Sep 15)