Re: CVE Request: UDP checksum DoS

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> https://twitter.com/grsecurity/status/605854034260426753
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0

> remote DoS via flood of UDP packets with invalid checksums

It appears that you are primarily asking for a CVE ID for the issue
involving the absence of a cond_resched call. Use CVE-2015-5364.

However, the presence of "return -EAGAIN" may also have been a
security problem in some realistic circumstances. For example, maybe
there's an attacker who can't transmit a flood with invalid checksums,
but can sometimes inject one packet with an invalid checksum. The
goal of this attacker isn't to cause a system hang; the goal is to
cause an EPOLLET epoll application to stop reading for an indefinitely
long period of time. This scenario can't also be covered by
CVE-2015-5364. Is it better to have no CVE ID at all, e.g., is
udp_recvmsg/udpv6_recvmsg simply not intended to defend against this
scenario?

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVlKXfAAoJEKllVAevmvmsTSgH/jryA2NkD/Xd0D4sGAuyThe5
1Z2ZH82+foJHpPX6gd5HEdzwxlPMIWIj5Todj1YbDc/p0YHSfUitamIZNRI1LSCI
9V+ZOH+7SFk0ezeuVwNKwKS1QdfT7BROsEPY+PdmZ7MayHTBIfi3Rc94pkDe0OHI
rjf7DHiOcV9D5SgSscEm7H02PlPXw8tBPsfF2zxJkdobDh19YSLXUB3B2rcCz4vA
+z5dhx/SuxuAwfvY+a+wP4xXxvpMmp3pO2CAnxvcVaOVjw18oYS5GegvrPWgDEiL
F2QPkzBs4BYGUPPIzsR8CaduV2g/IsZjF4aHokIY86HQ1FI85MMnXNXRbqQxPFk=
=f64G
-----END PGP SIGNATURE-----