oss-sec mailing list archives
Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 23 May 2018 08:57:45 -0600
On Wed, May 23, 2018 at 8:49 AM, Andrey Konovalov <andreyknvl () gmail com> wrote:
On Thu, May 10, 2018 at 2:05 PM, Vladis Dronov <vdronov () redhat com> wrote:Hello, A null pointer dereference in dccp_write_xmit() function innet/dccp/output.cin the Linux kernel before v4.16-rc7 allows a local user to cause adenial ofservice by a number of certain crafted system calls.
So the classic CVE statement for this is "does it cross/violate a trust boundary". Yeah I know, not super helpful. In general when I look at something and need to decide whether or not it deserves/needs a CVE the fundamentals are: 1) Can an attacker use this vulnerability to gain access, additional privileges, basically is there an impact to Confidentiality/Availability/Integrity? This is really two tests: is there an impact, and is there a way for the attacker to trigger or exploit it? That's a CVE. 2) Does the software/system make a specific security claim that they then fail to meet? E.g. "we include a firewall that blocks access to everything inbound except for port 22", if they were to then also allow port 80, that'd be a CVE. So for the syzbot stuff mostly what you need to determine is: a) is there a security related impact? AND b) can an attacker trigger it? If both are yes, then a CVE is warranted.
References: https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94https://marc.info/?t=152036611500003&r=1&w=2 An upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2Best regards, Vladis Dronov | Red Hat, Inc. | Product Security EngineerHi Vladis, I've been wondering, how do you choose which bugs you request CVEs for? Syzbot reported a few hundreds of them over the last few months and a decent fraction of them looks scarier than a null pointer dereference. Thanks!
-- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 Red Hat Product Security contact: secalert () redhat com
Current thread:
- CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Vladis Dronov (May 10)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov (May 23)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Kurt Seifried (May 23)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov (May 25)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Evgenii Shatokhin (May 25)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov (May 25)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Kurt Seifried (May 25)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov (May 25)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Kurt Seifried (May 23)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov (May 23)