oss-sec mailing list archives

Re: CVE request - Android kernel - IPv6 connect cause a denial of service

From: cve-assign () mitre org
Date: Fri, 11 Dec 2015 11:41:18 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

net/ipv4/af_inet.c
inet_autobind

if (sk->sk_prot->get_port(sk, 0)) {

if the sk->sk_prot->get_port is NULL

[ an unanticipated condition ]

Solution:
if (sk->sk_prot->get_port &&sk->sk_prot->get_port(sk, 0)) {

From: Hannes Frederic Sowa <hannes () stressinduktion org>
Date: Wed, 9 Dec 2015 15:31:32 +0100

I fear your solution
just papers over the bug and will leave the port in a half initialized
state.


Use CVE-2015-8543 for the originally identified bug. We realize that,
for example,
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/net/ipv4/af_inet.c
has not yet been changed. If Linux kernel developers determine that
multiple independent bugs result in situations where
sk->sk_prot->get_port is NULL above, then it is possible that
additional CVE IDs will be assigned later.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWavwyAAoJEL54rhJi8gl5YFsQAI5IxqeR4wGC8jgddurgDQMC
Ex3f5QsouQMuDD6KUGDy+pfl+oFzT6Y0qj4gE61iIhRUgvU5S6lSa0zBk29hQNDB
smoFCcgd0gqQMwA4ruCQqDA0tGVKdJTvqUb8vkwnU5cQ+6Qi71Qodo9tQxCNiA/U
SLoC4F2AQg/yMMrLhiWiRIg9H/9aLwLeETHfwqRe5wgoGombqiZ/zHn3kO9zvnXx
MFkDmdmjfwUhvtGzxRVOdMl+lDaOij/iehjffqXbwZM8hImHdy8XX/sI4SuZ5HrR
YD40VROb2ZnEXyGuEVW4QoTppelzXNjl008yW3ysagBPIiufRLRMiZ8Oikr5nOn7
Y9Tzftj859V1P4dldk5aB68zWhRiUX6rila45bzz6KgawdEihAldSkvN6zlRX3KD
WVny3XkTmTqItIN9rcT/HOQYBFRfrreU3tz93/w6AZamgKb4Op5gQdFzbRbLBUcP
8PwY1kGEY+MfqgQEFMyy9NP6AdMQBXrTce/Y+xfUWbTM48ordg33+F5nRgx/WPGU
Y7RijZCJcZPd8qi0jkj4Zp1MmRsmWsxssa6zDGsxHC46GiQhfP9OmndYloO/ze4x
jmZ2eALLw2Rta95VM/2upsYIC3YaShz3D7rU563aHuAusbTinkjCyFP0xKkRJDf5
NwVV5z0ou6GVCbxunTbb
=KMi2
-----END PGP SIGNATURE-----

Current thread:

CVE request - Android kernel - IPv6 connect cause a denial of service 郭永刚 (Dec 09)
- Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 09)
- Re: CVE request - Android kernel - IPv6 connect cause a denial of service Robert Święcki (Dec 09)
- Re: CVE request - Android kernel - IPv6 connect cause a denial of service cve-assign (Dec 11)
  - Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 11)
  - Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 14)
    - Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Robert Święcki (Dec 14)
    - Re: Re: CVE request - Android kernel - IPv6 connect cause a denial of service Hannes Frederic Sowa (Dec 14)