oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Linux kernel: OOB R/W in SNMP NAT module (CVE-2019-9162); virtual address 0 mappable (CVE-2019-9213)

From: Jann Horn <jannhorn () googlemail com>
Date: Tue, 5 Mar 2019 22:02:49 +0100
Two Linux kernel bugs:

out-of-bounds read and write in SNMP NAT module
introduced in commit cc2d58634e0f ("netfilter: nf_nat_snmp_basic: use
asn1 decoder library",
first in 4.16)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1776
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net?id=c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.103
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.25
[this one's been public for a while, I didn't get around to sending a
mail to oss-security about it]

virtual address 0 is mappable via privileged write() to /proc/*/mem
https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.27
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162
Previous By Date Next
Previous By Thread Next

Current thread: