Re: Re: CVE Request: UDP checksum DoS

[Gsunde Orangen <gsunde.orangen () gmail com>]

These two issues (CVE-2015-5366 and CVE-2015-5364) - commit in May 30th:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0

are fixed upstream in: 3.10.81, 3.12.44, 3.14.45, 3.18.17, 4.0.6, and
4.1-rc7

Does anyone know the reason why it wasn't (yet?) included in the
latest 3.4.x release (3.4.108 as of 2015-06-19)?

Thanks,
Gsunde


On 2015-07-06, 11:23 cve-assign () mitre org wrote:
> > > However, the presence of "return -EAGAIN" may also have been a
> > >  security problem in some realistic circumstances. For
> > > example, maybe there's an attacker who can't transmit a flood
> > > with invalid checksums, but can sometimes inject one packet
> > > with an invalid checksum. The goal of this attacker isn't to
> > > cause a system hang; the goal is to cause an EPOLLET epoll
> > > application to stop reading for an indefinitely long period of
> > > time. This scenario can't also be covered by CVE-2015-5364. Is
> > > it better to have no CVE ID at all, e.g., is
> > > udp_recvmsg/udpv6_recvmsg simply not intended to defend against
> > > this scenario?
>
> > It seems reasonable to assign a second CVE ID to that issue.
>
> Use CVE-2015-5366.