oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Fwd: [scr293903] Linux kernel - upstream

From: Andrey Konovalov <andreyknvl () google com>
Date: Sun, 12 Feb 2017 19:46:49 +0100
---------- Forwarded message ----------
From:  <cve-request () mitre org>
Date: Sun, Feb 12, 2017 at 7:45 PM
Subject: Re: [scr293903] Linux kernel - upstream
To: andreyknvl () google com
Cc: cve-request () mitre org


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The CVE ID is below. Please clarify whether you want this added to the
public CVE List immediately. You have provided
https://patchwork.ozlabs.org/patch/724136/ as a public reference that
appears to disclose this as a vulnerability, at least if the attacker
can run a local application to make arbitrary system calls. The public
reference does not directly suggest a remote attack: that detail could
be omitted from the public CVE List.



[Additional Information]
It's possible to cause a denial of server by sending bad IP options on a socket.
Potentially this can be triggered remotely.

------------------------------------------

[VulnerabilityType Other]
Denial of service

------------------------------------------

[Vendor of Product]
Linux kernel

------------------------------------------

[Affected Product Code Base]
Linux kernel - upstream

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Denial of Service]
true

------------------------------------------

[Reference]
https://patchwork.ozlabs.org/patch/724136/

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true


Use CVE-2017-5970.


- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYoK07AAoJEHb/MwWLVhi28REP/id92tkREqUYayj/GcZUN67r
swVR6fvnO0vP7lfVR4iPg5tKRCfM9FkIBU2+OHEXFGzvsXA/jHaabADqqkWOHfGA
QcXx4dz1HJEwGr+ALRVW6YDl7clWIKW9u6zP2Md6EKYPxl5IeeJHvQwCCFGhW4CW
zTdxYnPaSVs8PixpYpF5ZpiVzGL2KM13Ccwbsj7Jkjzz4YzNjWXz5Si3DsDkrD9v
NwGN1DG9q8p+Nab29di55oRSMsx9NqAXzbIKzH93aoykO5gU7PsvwszsAg98NsAY
mcwj/3s+HaZkH6i2Q8UyRfqvZ6JWNr3FGGhfZX+pEnYZ28RF93Ven8+8MrlrSEkm
B/tx0gf7Y3RPvb686ppDpkPK0x5JeOEsMhRHRSF5GKm24Ltev0c+vyEts2KJeAoq
f+8PiFz3T2DIrs3356/sa7ovsQl2+X10vQj/Ai0G4CFC1J+3e9cdqkYPvOR5PlVB
PMArIFpd2FLD/Rt9SmbtWlA6Crtcx/2Ijz29T1BlHIWSxmni1nz1bgnzg3+XhFwL
fnoCy/Wl1b/9Er6+VmY0jzlr66IOAr+5GycnjSfKqQFBEAejuH/vuGQVXP4w3F4q
6Uc1uDVE1onZPIuRgzhEUienWlRnoOOwD1Bdwa1BLEKf0sx+6zr+2gvsvr1dAI27
P8bNrk2iD7/BEvo/GY5O
=Esbo
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: