oss-sec mailing list archives

Linux: ip: fix IP_CHECKSUM handling (CVE-2017-6347)


From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 28 Feb 2017 17:23:09 +0100

Hi

CVE-2017-6347 was assigned by MITRE to the following (via
https://cveform.mitre.org/):

https://git.kernel.org/linus/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32

ip: fix IP_CHECKSUM handling

The skbs processed by ip_cmsg_recv() are not guaranteed to
be linear e.g. when sending UDP packets over loopback with
MSGMORE.
Using csum_partial() on [potentially] the whole skb len
is dangerous; instead be on the safe side and use skb_checksum().

Thanks to syzkaller team to detect the issue and provide the
reproducer.

The issue was introduced in 4.0 by commit ad6f939ab193. The fix was
also backported to 4.9.13.

Regards,
Salvatore
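
The point of the quoted commit message, as an added user-space C sketch that is not part of the original post and not kernel code: when packet data is split between a linear head and fragments, a flat read of the whole length from the head runs past the linear area, while a sum that walks the fragments (the role the commit message gives skb_checksum()) covers the same bytes safely. The names model_skb, linear_overrun, model_checksum and sample_skb are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user-space model (not kernel code): a linear head plus fragments. */
struct frag { const uint8_t *data; size_t len; };
struct model_skb { const uint8_t *head; size_t head_len; struct frag frags[4]; size_t nr_frags; };

/* Bytes a flat read of [offset, offset+len) from head would take past the linear area. */
size_t linear_overrun(const struct model_skb *s, size_t offset, size_t len)
{
    if (offset + len <= s->head_len) return 0;
    return offset >= s->head_len ? len : offset + len - s->head_len;
}

/* Fragment-aware 16-bit ones' complement sum; stops early if the data ends first. */
uint16_t model_checksum(const struct model_skb *s, size_t offset, size_t len)
{
    uint64_t sum = 0;
    size_t pos = 0, n = s->head_len;   /* pos keeps byte parity across chunks */
    const uint8_t *p = s->head;
    for (size_t i = 0; ; i++) {
        if (offset < n) {
            size_t take = n - offset < len ? n - offset : len;
            for (size_t k = 0; k < take; k++, pos++)
                sum += (pos & 1) ? p[offset + k] : (uint64_t)p[offset + k] << 8;
            len -= take; offset = 0;
        } else {
            offset -= n;               /* range starts in a later chunk */
        }
        if (len == 0 || i == s->nr_frags) break;
        p = s->frags[i].data; n = s->frags[i].len;
    }
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Constructed sample: 3-byte head, then fragments of 2 bytes and 1 byte. */
static const uint8_t H[] = {1, 2, 3}, F0[] = {4, 5}, F1[] = {6};
struct model_skb sample_skb(void)
{
    struct model_skb s = { H, sizeof H, { { F0, sizeof F0 }, { F1, sizeof F1 } }, 2 };
    return s;
}

int main(void)
{
    struct model_skb s = sample_skb();
    printf("sum=0x%04x overrun=%zu\n", (unsigned)model_checksum(&s, 0, 6), linear_overrun(&s, 0, 6));
    return 0;
}
```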

