oss-sec mailing list archives
Linux kernel: OOB R/W in SNMP NAT module (CVE-2019-9162); virtual address 0 mappable (CVE-2019-9213)
From: Jann Horn <jannhorn () googlemail com>
Date: Tue, 5 Mar 2019 22:02:49 +0100
Two Linux kernel bugs:

out-of-bounds read and write in SNMP NAT module
introduced in commit cc2d58634e0f ("netfilter: nf_nat_snmp_basic: use asn1 decoder library", first in 4.16)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1776
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net?id=c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.103
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.25
[this one's been public for a while, I didn't get around to sending a mail to oss-security about it]

virtual address 0 is mappable via privileged write() to /proc/*/mem
https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0a1d52994d440e21def1c2174932410b4f2a98a1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.27
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.105
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.162