[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request -- kernel: net: slab corruption due to improper synchronization aroun
From:       akuster <akuster () mvista ! com>
Date:       2012-08-31 19:37:58
Message-ID: 50411296.2000506 () mvista ! com
[Download RAW message or body]


Petr,

Is there a range of affected kernel versions?

Was this issue introduced by 1c32c5ad6fac8cee1a77449f5abf211e911ff830?

- Armin

On 08/31/2012 09:11 AM, Petr Matousek wrote:
> Description of the problem:
> Lack proper synchronization to manipulate inet->opt ip_options can lead
> to system crash.
> 
> Problem is that ip_make_skb() calls ip_setup_cork() and ip_setup_cork()
> possibly makes a copy of ipc->opt (struct ip_options), without any
> protection against another thread manipulating inet->opt. Another thread
> can change inet->opt pointer and free old one under us.
> 
> Given right server application (setting socket options and processing
> traffic over the same socket at the same time), remote attacker could
> use this flaw to crash the system. More likely though, local
> unprivileged user could use this flaw to crash the system.
> 
> Upstream fix:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f6d8bd051c391c1c0458a30b2a7abcd939329259
>  
> Thanks,
> 


[prev in list] [next in list] [prev in thread] [next in thread]