oss-sec mailing list archives
Linux kernel: memory corruptions in IPv4/IPv6 TCP/SCTP/DCCP sockets
From: Andrey Konovalov <andreyknvl () google com>
Date: Tue, 30 May 2017 21:12:21 +0200
A few CVEs were assigned for similar bugs causing kernel memory corruption (use-after-free followed by a double-free) in IPv4/IPv6 TCP/SCTP/DCCP sockets. The details are below. The bugs were found with syzkaller.

* CVE-2017-8890

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a

* CVE-2017-9075

The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8

* CVE-2017-9076

The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52

* CVE-2017-9077

The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83eaddab4378db256d00d295bda6ca997cd13a52