'Re: [oss-security] CVE request: Linux kernel: net: memory corruption with UDP_CORK and UFO'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: Linux kernel: net: memory corruption with UDP_CORK and UFO
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-10-25 20:07:31
Message-ID: 526ACF83.4060108 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/25/2013 08:11 AM, P J P wrote:
>    Hello,
> 
> Linux kernel built with an Ethernet driver(ex virtio-net) which has UDP
> Fragmentation Offload(UFO) feature ON is vulnerable to a memory
> corruption flaw when UDP_CORK socket option is set. It could occur when
> sending large messages, wherein all messages are not greater than
> maximum transfer unit(MTU) of the underlying medium.
> 
> An unprivileged user/program could use this flaw to crash the kernel
> resulting in DoS, or potentially execute arbitrary code to escalate
> privileges to gain root access to a system.
> 
> Upstream fix:
> -------------
>  -> http://patchwork.ozlabs.org/patch/285292/
> 
> Reference:
> ----------
>  -> https://bugzilla.redhat.com/show_bug.cgi?id=1023477
> 
> 
> Thank you.
> -- 
> Prasad J Pandit / Red Hat Security Response Team

Please use CVE-2013-4470 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSas+CAAoJEBYNRVNeJnmTbvwQAJ+unAsNrmKoFQpp01saoDF4
pUlgdgV1RFdFK8iOHYn7hq1OXjJvRoZLx4UMC/JTykDyYnUiuAe+NCN2GBZoNK8Z
xvCTjYK0NGNG/izsxBCqUnirUJlFwykmJjE/rjuXkjmJXiPna0l42UPr+xxOaynS
xX1IP516i2k2FMAvvKqLa5LaH2k94QDWfSl4KleTQ4hv3mMC72h31y4EGt5t5avE
GH2ZA44PFUr69xO2lJP6EoT2jdislOmTnSjEXngq3jgawBfeIJb2u5slB4SMaULQ
sdi9dLqdIe4k6oE07ip4yBU3UIwEjb1b+cmfLtFmx8Gqliab6T5NHspW2F5u9Sek
baVpRAGH+0HuHrIFI1p1me+s9cIDLbXTeHktUZUuHiR4z7Moxz1Sc2axoGnyumha
Qo7EbyQ1dVaokwAI7GjAa5en/3cFNFdj+/wdBa7dLecfcDbQfTDenbVtnHXiesD3
L1+XEKQ4X6ONZ1HNvwjoo/s/YcMOlT2oSQmAcmmjFYVKWcGkzFLHPKPkQzz2BBXi
687Zlh+sk46ptnZXx5N1IB2gOqXDuOLDMAYXilmDX1HPZWUAPg1g4uArIW30eiQG
SgM0yjrVrJi0M8+oDMhdgN4EYRBRufUd9urweChNOC7NFeCQzppIlIJKYq/WBhGm
3tjOGfppsAjWi5FtvYjH
=Eg+0
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic