oss-sec mailing list archives
Linux kernel: CVE-2018-1065 - netfilter rule insertion may panic system.
From: Wade Mealing <wmealing () redhat com>
Date: Mon, 05 Mar 2018 05:15:13 +0000
This flaw was reported to nedev via syzbot (the Syzkaller fuzzer). It is possible that a user with the capabilities to insert iptables/netfilter rules is able to insert a rule that can jump to a non user-user chain/invalid chain. This is not possible using the iptables/netfilter libitc code, however it is possible via setsockopt with the appropriate capabilities set. The bug is not specific to SCTP it is just coincidental that the syzcaller code has tripped it using this path. The patches fix both ipv6 and ipv4 paths that are able to trigger the issue. Thanks Report: http://lists.openwall.net/netdev/2018/01/27/46 Proposed patch: <http://patchwork.ozlabs.org/patch/870355/> http://patchwork.ozlabs.org/patch/870355/
Current thread:
- Linux kernel: CVE-2018-1065 - netfilter rule insertion may panic system. Wade Mealing (Mar 04)