oss-sec mailing list archives
Linux: ip: fix IP_CHECKSUM handling (CVE-2017-6347)
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 28 Feb 2017 17:23:09 +0100
Hi CVE-2017-6347 was assigned by MITRE to the following (via https://cveform.mitre.org/): https://git.kernel.org/linus/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
ip: fix IP_CHECKSUM handling The skbs processed by ip_cmsg_recv() are not guaranteed to be linear e.g. when sending UDP packets over loopback with MSGMORE. Using csum_partial() on [potentially] the whole skb len is dangerous; instead be on the safe side and use skb_checksum(). Thanks to syzkaller team to detect the issue and provide the reproducer.
The issue was introduced in 4.0 by commit ad6f939ab193. The fix as well backported to 4.9.13. Regards, Salvatore
Current thread:
- Linux: ip: fix IP_CHECKSUM handling (CVE-2017-6347) Salvatore Bonaccorso (Feb 28)