Message-ID: <050445c18a3443e9ad987c659ab83817@imshyb02.MITRE.ORG>
Date: Fri, 2 Dec 2016 19:24:09 -0500
From: <cve-assign@...re.org>
To: <andreyknvl@...gle.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>, <kcc@...gle.com>, <dvyukov@...gle.com>, <edumazet@...gle.com>
Subject: Re: CVE Request: Linux: signed overflows for SO_{SND|RCV}BUFFORCE

> There's a bug in SO_{SND|RCV}BUFFORCE setsockopt() implementation,
> which allows CAP_NET_ADMIN users to cause memory corruption.
>
> The fix is upstream:
> https://github.com/torvalds/linux/commit/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290

>> CAP_NET_ADMIN users should not be allowed to set negative
>> sk_sndbuf or sk_rcvbuf values, as it can lead to various memory
>> corruptions, crashes, OOM...

Use CVE-2016-9793. This affects, for example, 4.8.12.

We might not completely understand the CVE implications of the "Note
that before
https://github.com/torvalds/linux/commit/82981930125abfd39d7c8378a9cfdf5e1be2002b
the bug was even more serious, since SO_SNDBUF and SO_RCVBUF were
vulnerable" comment within the
b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 commit message.
82981930125abfd39d7c8378a9cfdf5e1be2002b is a commit from 2012. The
3.5 release has this, whereas the 3.4 release does not. For now, we
are assigning CVE-2012-6704 to mean the analogous vulnerability
involving SO_SNDBUF and SO_RCVBUF that affects "before 3.5" kernels.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
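
Added example, not part of the original message and not the kernel's own code: a user-space model of how a doubled, clamped buffer size can end up negative, which is the condition the quoted commit message says must not be reachable. It assumes the pre-fix clamp compared its operands as unsigned 32-bit values and the fixed clamp compares them as signed int; `MIN_SNDBUF` and the function names are hypothetical placeholders.

```c
#include <stdint.h>
#include <stdio.h>

/* Placeholder floor for the buffer size; not the kernel's SOCK_MIN_SNDBUF. */
#define MIN_SNDBUF 4608

/* The requested value is doubled before it is stored. The multiply is done
 * in unsigned arithmetic here because signed overflow is undefined in ISO C;
 * the result wraps the same way the two's-complement kernel build does. */
static int32_t doubled(int32_t val)
{
    return (int32_t)((uint32_t)val * 2u);
}

/* Assumed pre-fix behaviour: the clamp compares as unsigned 32-bit, so a
 * wrapped (negative) value looks huge, wins the max, and is stored as int. */
int32_t sndbuf_unsigned_clamp(int32_t val)
{
    uint32_t a = (uint32_t)doubled(val);
    uint32_t b = MIN_SNDBUF;
    return (int32_t)(a > b ? a : b);
}

/* Assumed fixed behaviour: the clamp compares as signed int, so any
 * negative result falls back to the minimum. */
int32_t sndbuf_signed_clamp(int32_t val)
{
    int32_t a = doubled(val);
    int32_t b = MIN_SNDBUF;
    return a > b ? a : b;
}

int main(void)
{
    /* Constructed sample inputs: one ordinary size and three edge cases. */
    const int32_t samples[] = { 65536, -1, 0x40000000, INT32_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("val=%11d  unsigned clamp=%11d  signed clamp=%11d\n",
               (int)samples[i],
               (int)sndbuf_unsigned_clamp(samples[i]),
               (int)sndbuf_signed_clamp(samples[i]));
    return 0;
}
```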