oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Linux: packet: fix races in fanout_add() (CVE-2017-6346)

From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 28 Feb 2017 17:25:24 +0100
Hi

CVE-2017-6346 was assigned by MITRE to the following (via
https://cveform.mitre.org/):

https://git.kernel.org/linus/d199fab63c11998a602205f7ee7ff7c05c97164b


packet: fix races in fanout_add()

Multiple threads can call fanout_add() at the same time.

We need to grab fanout_mutex earlier to avoid races that could
lead to one thread freeing po->rollover that was set by another thread.

Do the same in fanout_release(), for peace of mind, and to help us
finding lockdep issues earlier.


Since 4.2 the races can lead to a use-after-free.

The fix was backported to 4.9.13 as well.

Regards,
Salvatore
Previous By Date Next
Previous By Thread Next

Current thread: