oss-sec mailing list archives
Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring
From: Solar Designer <solar () openwall com>
Date: Sat, 1 Apr 2017 22:44:57 +0200
To Red Hat folks: On Fri, Mar 31, 2017 at 07:20:20PM +0200, Andrey Konovalov wrote:
On Fri, Mar 31, 2017 at 2:03 PM, Andrey Konovalov <andreyknvl () google com> wrote:CVE-2017-7308 [1] was assigned to the following issue: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls. The fix is sent upstream [2].Update: the fix actually consists of 3 patches: https://patchwork.ozlabs.org/patch/744811/ https://patchwork.ozlabs.org/patch/744813/ https://patchwork.ozlabs.org/patch/744812/[1] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7308 [2] https://patchwork.ozlabs.org/patch/744811/
Red Hat currently says all RHEL starting with RHEL5 are affected: https://access.redhat.com/security/cve/cve-2017-7308 However, the corresponding Bugzilla entry has no mention of that: https://bugzilla.redhat.com/show_bug.cgi?id=1437404 So is it just a better-safe-than-sorry default to list products as affected until known otherwise? If so, maybe Unknown would be better? RHEL5 doesn't yet include TPACKET_V3. I did not check RHEL6. https://github.com/torvalds/linux/commit/f6fb8f100b807378fda19e83e5ac6828b638603a Alexander
Current thread:
- Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Solar Designer (Apr 01)
- Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Martin Prpic (Apr 03)
- <Possible follow-ups>
- Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Andrey Konovalov (May 10)