oss-sec mailing list archives
Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities
From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Sun, 31 May 2015 01:30:05 +0200
Hi folks, Just providing an update on this. Several fixes for these issues have been merged. On Wed, May 27, 2015 at 4:45 PM, Jason A. Donenfeld
1. A remote packet can be sent, resulting in funny subtractions of signed integers, which causes a memcpy(kernel_heap, network_user_buffer, -network_user_provided_length). There are two different conditions that can lead to this: https://lkml.org/lkml/2015/5/13/740 https://lkml.org/lkml/2015/5/13/744 You may want to give two CVEs or just one CVE for these two issues.
https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?id=b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c Please assign a CVE.
2. A remote packet can be sent, resulting in divide-by-zero in softirq, causing hard crash: https://lkml.org/lkml/2015/5/13/741
https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?&id=04bf464a5dfd9ade0dda918e44366c2c61fce80b Please assign a CVE.
3. A remote packet can be sent, resulting in a funny subtraction, causing an insanely big loop to lock up the kernel: https://lkml.org/lkml/2015/5/13/742
https://git.kernel.org/cgit/linux/kernel/git/gregkh/staging.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8 Please assign a CVE.
4. Multiple out-of-bounds reads, resulting in possible information leakage, explained in the last paragraph of the introductory email here: https://lkml.org/lkml/2015/5/13/739
The maintainer has not yet written a patch to fix this issue, so it remains an open case. Please assign a CVE. I'd appreciate getting these CVEs assigned sooner rather than later. Thanks, Jason
Current thread:
- CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities Jason A. Donenfeld (May 27)
- Re: CVE Request: Linux Kernel Ozwpan Driver - Remote packet-of-death vulnerabilities Jason A. Donenfeld (May 30)